Re-run clang-format with InsertBraces.
This CL runs the same command as in the preceding CL, but with
'IncludeBraces: true' added to .clang-format. I've split this out
separately because the documentation says:
> Setting this option to true could lead to incorrect code formatting
> due to clang-format’s lack of complete semantic information. As such,
> extra care should be taken to review code changes made by this option.
I've also kept InsertBraces out of .clang-format for now because it's a
fairly recent option, and clang-format fails when it sees unrecognized
options.
Change-Id: I305ea7bb2633704053a1f8de1e11b037b9fc8a76
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53086
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index eb3bbfb..5b97efa 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -149,10 +149,12 @@
}
if ((a == NULL) || ((*a) == NULL)) {
- if ((ret = ASN1_BIT_STRING_new()) == NULL)
+ if ((ret = ASN1_BIT_STRING_new()) == NULL) {
return (NULL);
- } else
+ }
+ } else {
ret = (*a);
+ }
p = *pp;
padding = *(p++);
@@ -191,13 +193,15 @@
OPENSSL_free(ret->data);
ret->data = s;
ret->type = V_ASN1_BIT_STRING;
- if (a != NULL)
+ if (a != NULL) {
(*a) = ret;
+ }
*pp = p;
return (ret);
err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
ASN1_BIT_STRING_free(ret);
+ }
return (NULL);
}
@@ -211,33 +215,39 @@
w = n / 8;
v = 1 << (7 - (n & 0x07));
iv = ~v;
- if (!value)
+ if (!value) {
v = 0;
+ }
- if (a == NULL)
+ if (a == NULL) {
return 0;
+ }
a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
if ((a->length < (w + 1)) || (a->data == NULL)) {
- if (!value)
+ if (!value) {
return (1); /* Don't need to set */
- if (a->data == NULL)
+ }
+ if (a->data == NULL) {
c = (unsigned char *)OPENSSL_malloc(w + 1);
- else
+ } else {
c = (unsigned char *)OPENSSL_realloc(a->data, w + 1);
+ }
if (c == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (w + 1 - a->length > 0)
+ if (w + 1 - a->length > 0) {
OPENSSL_memset(c + a->length, 0, w + 1 - a->length);
+ }
a->data = c;
a->length = w + 1;
}
a->data[w] = ((a->data[w]) & iv) | v;
- while ((a->length > 0) && (a->data[a->length - 1] == 0))
+ while ((a->length > 0) && (a->data[a->length - 1] == 0)) {
a->length--;
+ }
return (1);
}
@@ -246,8 +256,9 @@
w = n / 8;
v = 1 << (7 - (n & 0x07));
- if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
+ if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) {
return (0);
+ }
return ((a->data[w] & v) != 0);
}
@@ -261,8 +272,9 @@
int flags_len) {
int i, ok;
/* Check if there is one bit set at all. */
- if (!a || !a->data)
+ if (!a || !a->data) {
return 1;
+ }
/*
* Check each byte of the internal representation of the bit string.
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
index 5bb9bb6..daf96fc 100644
--- a/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
@@ -64,8 +64,9 @@
unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
- if (pp == NULL)
+ if (pp == NULL) {
return (r);
+ }
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
index f019883..5434b78 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -71,8 +71,9 @@
long i;
void *ret;
- if (x == NULL)
+ if (x == NULL) {
return (NULL);
+ }
i = ASN1_item_i2d(x, &b, it);
if (b == NULL) {
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 83c4c54..00a1282 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -88,13 +88,15 @@
t.data = (unsigned char *)str;
if (ASN1_GENERALIZEDTIME_check(&t)) {
if (s != NULL) {
- if (!ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str, t.length))
+ if (!ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str, t.length)) {
return 0;
+ }
s->type = V_ASN1_GENERALIZEDTIME;
}
return (1);
- } else
+ } else {
return (0);
+ }
}
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
@@ -111,20 +113,24 @@
size_t len = 20;
ASN1_GENERALIZEDTIME *tmps = NULL;
- if (s == NULL)
+ if (s == NULL) {
tmps = ASN1_GENERALIZEDTIME_new();
- else
+ } else {
tmps = s;
- if (tmps == NULL)
+ }
+ if (tmps == NULL) {
return NULL;
+ }
ts = OPENSSL_gmtime(&t, &data);
- if (ts == NULL)
+ if (ts == NULL) {
goto err;
+ }
if (offset_day || offset_sec) {
- if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) {
goto err;
+ }
}
if (ts->tm_year < 0 - 1900 || ts->tm_year > 9999 - 1900) {
@@ -150,7 +156,8 @@
tmps->type = V_ASN1_GENERALIZEDTIME;
return tmps;
err:
- if (s == NULL)
+ if (s == NULL) {
ASN1_GENERALIZEDTIME_free(tmps);
+ }
return NULL;
}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index f7345d7..1da9889 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -423,10 +423,11 @@
}
BIGNUM *ret;
- if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BN_LIB);
- else if (ai->type & V_ASN1_NEG)
+ } else if (ai->type & V_ASN1_NEG) {
BN_set_negative(ret, 1);
+ }
return (ret);
}
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
index 2a5ba4b..fd5562c 100644
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -92,10 +92,12 @@
ASN1_STRING *dest;
size_t nchar = 0;
char strbuf[32];
- if (len == -1)
+ if (len == -1) {
len = strlen((const char *)in);
- if (!mask)
+ }
+ if (!mask) {
mask = DIRSTRING_TYPE;
+ }
int (*decode_func)(CBS *, uint32_t *);
int error;
@@ -213,8 +215,9 @@
return -1;
}
- if (!out)
+ if (!out) {
return str_type;
+ }
if (*out) {
free_out = 0;
dest = *out;
@@ -271,8 +274,9 @@
return str_type;
err:
- if (free_out)
+ if (free_out) {
ASN1_STRING_free(dest);
+ }
CBB_cleanup(&cbb);
return -1;
}
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 171ff40..e157d90 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -194,8 +194,9 @@
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
- if ((ret = ASN1_OBJECT_new()) == NULL)
+ if ((ret = ASN1_OBJECT_new()) == NULL) {
return (NULL);
+ }
} else {
ret = (*a);
}
@@ -207,8 +208,9 @@
/* once detached we can change it */
if ((data == NULL) || (ret->length < length)) {
ret->length = 0;
- if (data != NULL)
+ if (data != NULL) {
OPENSSL_free(data);
+ }
data = (unsigned char *)OPENSSL_malloc(length);
if (data == NULL) {
i = ERR_R_MALLOC_FAILURE;
@@ -230,14 +232,16 @@
ret->ln = NULL;
p += length;
- if (a != NULL)
+ if (a != NULL) {
(*a) = ret;
+ }
*pp = p;
return (ret);
err:
OPENSSL_PUT_ERROR(ASN1, i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
ASN1_OBJECT_free(ret);
+ }
return (NULL);
}
@@ -259,8 +263,9 @@
}
void ASN1_OBJECT_free(ASN1_OBJECT *a) {
- if (a == NULL)
+ if (a == NULL) {
return;
+ }
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
OPENSSL_free((void *)a->sn);
OPENSSL_free((void *)a->ln);
@@ -271,8 +276,9 @@
a->data = NULL;
a->length = 0;
}
- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) {
OPENSSL_free(a);
+ }
}
ASN1_OBJECT *ASN1_OBJECT_create(int nid, const unsigned char *data, int len,
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index ee0cd55..d855b04 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -176,8 +176,9 @@
case MBSTRING_UTF8: {
int consumed = UTF8_getc(p, buflen, &c);
- if (consumed < 0)
+ if (consumed < 0) {
return -1; /* Invalid UTF8String */
+ }
buflen -= consumed;
p += consumed;
break;
@@ -228,8 +229,9 @@
while (p != q) {
hextmp[0] = hexdig[*p >> 4];
hextmp[1] = hexdig[*p & 0xf];
- if (!maybe_write(out, hextmp, 2))
+ if (!maybe_write(out, hextmp, 2)) {
return -1;
+ }
p++;
}
}
@@ -329,8 +331,9 @@
if (flags & ASN1_STRFLGS_SHOW_TYPE) {
const char *tagname = ASN1_tag2str(type);
outlen += strlen(tagname);
- if (!maybe_write(out, tagname, outlen) || !maybe_write(out, ":", 1))
+ if (!maybe_write(out, tagname, outlen) || !maybe_write(out, ":", 1)) {
return -1;
+ }
outlen++;
}
@@ -351,8 +354,9 @@
if (encoding == -1) {
int len = do_dump(flags, out, str);
- if (len < 0)
+ if (len < 0) {
return -1;
+ }
outlen += len;
return outlen;
}
@@ -413,8 +417,9 @@
}
int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) {
- if (!in)
+ if (!in) {
return -1;
+ }
int mbflag = string_type_to_encoding(in->type);
if (mbflag == -1) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);
@@ -426,8 +431,9 @@
stmp.flags = 0;
int ret =
ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
- if (ret < 0)
+ if (ret < 0) {
return ret;
+ }
*out = stmp.data;
return stmp.length;
}
@@ -437,33 +443,40 @@
char buf[80];
const char *p;
- if (v == NULL)
+ if (v == NULL) {
return (0);
+ }
n = 0;
p = (const char *)v->data;
for (i = 0; i < v->length; i++) {
- if ((p[i] > '~') || ((p[i] < ' ') && (p[i] != '\n') && (p[i] != '\r')))
+ if ((p[i] > '~') || ((p[i] < ' ') && (p[i] != '\n') && (p[i] != '\r'))) {
buf[n] = '.';
- else
+ } else {
buf[n] = p[i];
+ }
n++;
if (n >= 80) {
- if (BIO_write(bp, buf, n) <= 0)
+ if (BIO_write(bp, buf, n) <= 0) {
return (0);
+ }
n = 0;
}
}
- if (n > 0)
- if (BIO_write(bp, buf, n) <= 0)
+ if (n > 0) {
+ if (BIO_write(bp, buf, n) <= 0) {
return (0);
+ }
+ }
return (1);
}
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) {
- if (tm->type == V_ASN1_UTCTIME)
+ if (tm->type == V_ASN1_UTCTIME) {
return ASN1_UTCTIME_print(bp, tm);
- if (tm->type == V_ASN1_GENERALIZEDTIME)
+ }
+ if (tm->type == V_ASN1_GENERALIZEDTIME) {
return ASN1_GENERALIZEDTIME_print(bp, tm);
+ }
BIO_write(bp, "Bad time value", 14);
return (0);
}
@@ -482,18 +495,23 @@
i = tm->length;
v = (char *)tm->data;
- if (i < 12)
+ if (i < 12) {
goto err;
- if (v[i - 1] == 'Z')
+ }
+ if (v[i - 1] == 'Z') {
gmt = 1;
- for (i = 0; i < 12; i++)
- if ((v[i] > '9') || (v[i] < '0'))
+ }
+ for (i = 0; i < 12; i++) {
+ if ((v[i] > '9') || (v[i] < '0')) {
goto err;
+ }
+ }
y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 +
(v[3] - '0');
M = (v[4] - '0') * 10 + (v[5] - '0');
- if ((M > 12) || (M < 1))
+ if ((M > 12) || (M < 1)) {
goto err;
+ }
d = (v[6] - '0') * 10 + (v[7] - '0');
h = (v[8] - '0') * 10 + (v[9] - '0');
m = (v[10] - '0') * 10 + (v[11] - '0');
@@ -505,16 +523,18 @@
int l = tm->length;
f = &v[14]; /* The decimal point. */
f_len = 1;
- while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') {
++f_len;
+ }
}
}
if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", mon[M - 1], d, h, m, s,
- f_len, f, y, (gmt) ? " GMT" : "") <= 0)
+ f_len, f, y, (gmt) ? " GMT" : "") <= 0) {
return (0);
- else
+ } else {
return (1);
+ }
err:
BIO_write(bp, "Bad time value", 14);
return (0);
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index eb22475..5fdbc33 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -90,19 +90,22 @@
return NULL;
}
if (offset_day || offset_sec) {
- if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) {
return NULL;
+ }
}
- if ((ts->tm_year >= 50) && (ts->tm_year < 150))
+ if ((ts->tm_year >= 50) && (ts->tm_year < 150)) {
return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+ }
return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
}
int ASN1_TIME_check(const ASN1_TIME *t) {
- if (t->type == V_ASN1_GENERALIZEDTIME)
+ if (t->type == V_ASN1_GENERALIZEDTIME) {
return ASN1_GENERALIZEDTIME_check(t);
- else if (t->type == V_ASN1_UTCTIME)
+ } else if (t->type == V_ASN1_UTCTIME) {
return ASN1_UTCTIME_check(t);
+ }
return 0;
}
@@ -113,45 +116,52 @@
char *str;
int newlen;
- if (!ASN1_TIME_check(t))
+ if (!ASN1_TIME_check(t)) {
return NULL;
+ }
if (!out || !*out) {
- if (!(ret = ASN1_GENERALIZEDTIME_new()))
+ if (!(ret = ASN1_GENERALIZEDTIME_new())) {
goto err;
+ }
} else {
ret = *out;
}
/* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) {
- if (!ASN1_STRING_set(ret, t->data, t->length))
+ if (!ASN1_STRING_set(ret, t->data, t->length)) {
goto err;
+ }
goto done;
}
/* grow the string */
- if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) {
goto err;
+ }
/* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t->length + 2 + 1;
str = (char *)ret->data;
/* Work out the century and prepend */
- if (t->data[0] >= '5')
+ if (t->data[0] >= '5') {
OPENSSL_strlcpy(str, "19", newlen);
- else
+ } else {
OPENSSL_strlcpy(str, "20", newlen);
+ }
OPENSSL_strlcat(str, (char *)t->data, newlen);
done:
- if (out != NULL && *out == NULL)
+ if (out != NULL && *out == NULL) {
*out = ret;
+ }
return ret;
err:
- if (out == NULL || *out != ret)
+ if (out == NULL || *out != ret) {
ASN1_GENERALIZEDTIME_free(ret);
+ }
return NULL;
}
@@ -167,12 +177,14 @@
if (!ASN1_TIME_check(&t)) {
t.type = V_ASN1_GENERALIZEDTIME;
- if (!ASN1_TIME_check(&t))
+ if (!ASN1_TIME_check(&t)) {
return 0;
+ }
}
- if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+ if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) {
return 0;
+ }
return 1;
}
@@ -181,15 +193,17 @@
if (t == NULL) {
time_t now_t;
time(&now_t);
- if (OPENSSL_gmtime(&now_t, tm))
+ if (OPENSSL_gmtime(&now_t, tm)) {
return 1;
+ }
return 0;
}
- if (t->type == V_ASN1_UTCTIME)
+ if (t->type == V_ASN1_UTCTIME) {
return asn1_utctime_to_tm(tm, t);
- else if (t->type == V_ASN1_GENERALIZEDTIME)
+ } else if (t->type == V_ASN1_GENERALIZEDTIME) {
return asn1_generalizedtime_to_tm(tm, t);
+ }
return 0;
}
@@ -197,9 +211,11 @@
int ASN1_TIME_diff(int *out_days, int *out_seconds, const ASN1_TIME *from,
const ASN1_TIME *to) {
struct tm tm_from, tm_to;
- if (!asn1_time_to_tm(&tm_from, from))
+ if (!asn1_time_to_tm(&tm_from, from)) {
return 0;
- if (!asn1_time_to_tm(&tm_to, to))
+ }
+ if (!asn1_time_to_tm(&tm_to, to)) {
return 0;
+ }
return OPENSSL_gmtime_diff(out_days, out_seconds, &tm_from, &tm_to);
}
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index f57697c..1a53c93 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -86,10 +86,11 @@
ASN1_TYPE **tmp_a = &a;
ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
a->type = type;
- if (type == V_ASN1_BOOLEAN)
+ if (type == V_ASN1_BOOLEAN) {
a->value.boolean = value ? 0xff : 0;
- else
+ } else {
a->value.ptr = value;
+ }
}
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) {
@@ -99,14 +100,16 @@
} else if (type == V_ASN1_OBJECT) {
ASN1_OBJECT *odup;
odup = OBJ_dup(value);
- if (!odup)
+ if (!odup) {
return 0;
+ }
ASN1_TYPE_set(a, type, odup);
} else {
ASN1_STRING *sdup;
sdup = ASN1_STRING_dup(value);
- if (!sdup)
+ if (!sdup) {
return 0;
+ }
ASN1_TYPE_set(a, type, sdup);
}
return 1;
@@ -116,8 +119,9 @@
int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) {
int result = -1;
- if (!a || !b || a->type != b->type)
+ if (!a || !b || a->type != b->type) {
return -1;
+ }
switch (a->type) {
case V_ASN1_OBJECT:
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index 3a314f1..c0cc2f9 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -88,13 +88,15 @@
t.data = (unsigned char *)str;
if (ASN1_UTCTIME_check(&t)) {
if (s != NULL) {
- if (!ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str, t.length))
+ if (!ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str, t.length)) {
return 0;
+ }
s->type = V_ASN1_UTCTIME;
}
return (1);
- } else
+ } else {
return (0);
+ }
}
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) {
@@ -113,20 +115,24 @@
free_s = 1;
s = ASN1_UTCTIME_new();
}
- if (s == NULL)
+ if (s == NULL) {
goto err;
-
- ts = OPENSSL_gmtime(&t, &data);
- if (ts == NULL)
- goto err;
-
- if (offset_day || offset_sec) {
- if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
- goto err;
}
- if ((ts->tm_year < 50) || (ts->tm_year >= 150))
+ ts = OPENSSL_gmtime(&t, &data);
+ if (ts == NULL) {
goto err;
+ }
+
+ if (offset_day || offset_sec) {
+ if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) {
+ goto err;
+ }
+ }
+
+ if ((ts->tm_year < 50) || (ts->tm_year >= 150)) {
+ goto err;
+ }
p = (char *)s->data;
if ((p == NULL) || ((size_t)s->length < len)) {
@@ -135,8 +141,9 @@
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (s->data != NULL)
+ if (s->data != NULL) {
OPENSSL_free(s->data);
+ }
s->data = (unsigned char *)p;
}
@@ -147,8 +154,9 @@
s->type = V_ASN1_UTCTIME;
return (s);
err:
- if (free_s && s)
+ if (free_s && s) {
ASN1_UTCTIME_free(s);
+ }
return NULL;
}
@@ -156,22 +164,29 @@
struct tm stm, ttm;
int day, sec;
- if (!asn1_utctime_to_tm(&stm, s))
+ if (!asn1_utctime_to_tm(&stm, s)) {
return -2;
+ }
- if (!OPENSSL_gmtime(&t, &ttm))
+ if (!OPENSSL_gmtime(&t, &ttm)) {
return -2;
+ }
- if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+ if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) {
return -2;
+ }
- if (day > 0)
+ if (day > 0) {
return 1;
- if (day < 0)
+ }
+ if (day < 0) {
return -1;
- if (sec > 0)
+ }
+ if (sec > 0) {
return 1;
- if (sec < 0)
+ }
+ if (sec < 0) {
return -1;
+ }
return 0;
}
diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
index 1cb1a23..0f2cba6 100644
--- a/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
@@ -76,8 +76,9 @@
const unsigned char *p;
uint32_t value;
int ret;
- if (len <= 0)
+ if (len <= 0) {
return 0;
+ }
p = str;
/* Check syntax and work out the encoded value (if correct) */
@@ -85,71 +86,87 @@
value = *p++ & 0x7f;
ret = 1;
} else if ((*p & 0xe0) == 0xc0) {
- if (len < 2)
+ if (len < 2) {
return -1;
- if ((p[1] & 0xc0) != 0x80)
+ }
+ if ((p[1] & 0xc0) != 0x80) {
return -3;
+ }
value = (*p++ & 0x1f) << 6;
value |= *p++ & 0x3f;
- if (value < 0x80)
+ if (value < 0x80) {
return -4;
+ }
ret = 2;
} else if ((*p & 0xf0) == 0xe0) {
- if (len < 3)
+ if (len < 3) {
return -1;
- if (((p[1] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80))
+ }
+ if (((p[1] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80)) {
return -3;
+ }
value = (*p++ & 0xf) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
- if (value < 0x800)
+ if (value < 0x800) {
return -4;
+ }
ret = 3;
} else if ((*p & 0xf8) == 0xf0) {
- if (len < 4)
+ if (len < 4) {
return -1;
+ }
if (((p[1] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80) ||
- ((p[3] & 0xc0) != 0x80))
+ ((p[3] & 0xc0) != 0x80)) {
return -3;
+ }
value = ((uint32_t)(*p++ & 0x7)) << 18;
value |= (*p++ & 0x3f) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
- if (value < 0x10000)
+ if (value < 0x10000) {
return -4;
+ }
ret = 4;
} else if ((*p & 0xfc) == 0xf8) {
- if (len < 5)
+ if (len < 5) {
return -1;
+ }
if (((p[1] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80) ||
- ((p[3] & 0xc0) != 0x80) || ((p[4] & 0xc0) != 0x80))
+ ((p[3] & 0xc0) != 0x80) || ((p[4] & 0xc0) != 0x80)) {
return -3;
+ }
value = ((uint32_t)(*p++ & 0x3)) << 24;
value |= ((uint32_t)(*p++ & 0x3f)) << 18;
value |= ((uint32_t)(*p++ & 0x3f)) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
- if (value < 0x200000)
+ if (value < 0x200000) {
return -4;
+ }
ret = 5;
} else if ((*p & 0xfe) == 0xfc) {
- if (len < 6)
+ if (len < 6) {
return -1;
+ }
if (((p[1] & 0xc0) != 0x80) || ((p[2] & 0xc0) != 0x80) ||
((p[3] & 0xc0) != 0x80) || ((p[4] & 0xc0) != 0x80) ||
- ((p[5] & 0xc0) != 0x80))
+ ((p[5] & 0xc0) != 0x80)) {
return -3;
+ }
value = ((uint32_t)(*p++ & 0x1)) << 30;
value |= ((uint32_t)(*p++ & 0x3f)) << 24;
value |= ((uint32_t)(*p++ & 0x3f)) << 18;
value |= ((uint32_t)(*p++ & 0x3f)) << 12;
value |= (*p++ & 0x3f) << 6;
value |= *p++ & 0x3f;
- if (value < 0x4000000)
+ if (value < 0x4000000) {
return -4;
+ }
ret = 6;
- } else
+ } else {
return -2;
+ }
*val = value;
return ret;
}
@@ -163,18 +180,21 @@
*/
int UTF8_putc(unsigned char *str, int len, uint32_t value) {
- if (!str)
+ if (!str) {
len = 6; /* Maximum we will need */
- else if (len <= 0)
+ } else if (len <= 0) {
return -1;
+ }
if (value < 0x80) {
- if (str)
+ if (str) {
*str = (unsigned char)value;
+ }
return 1;
}
if (value < 0x800) {
- if (len < 2)
+ if (len < 2) {
return -1;
+ }
if (str) {
*str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
*str = (unsigned char)((value & 0x3f) | 0x80);
@@ -182,8 +202,9 @@
return 2;
}
if (value < 0x10000) {
- if (len < 3)
+ if (len < 3) {
return -1;
+ }
if (str) {
*str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
@@ -192,8 +213,9 @@
return 3;
}
if (value < 0x200000) {
- if (len < 4)
+ if (len < 4) {
return -1;
+ }
if (str) {
*str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
@@ -203,8 +225,9 @@
return 4;
}
if (value < 0x4000000) {
- if (len < 5)
+ if (len < 5) {
return -1;
+ }
if (str) {
*str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
@@ -214,8 +237,9 @@
}
return 5;
}
- if (len < 6)
+ if (len < 6) {
return -1;
+ }
if (str) {
*str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
*str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 9532907..bc54706 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -162,25 +162,28 @@
i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
i |= (xclass & V_ASN1_PRIVATE);
- if (tag < 31)
+ if (tag < 31) {
*(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
- else {
+ } else {
*(p++) = i | V_ASN1_PRIMITIVE_TAG;
- for (i = 0, ttag = tag; ttag > 0; i++)
+ for (i = 0, ttag = tag; ttag > 0; i++) {
ttag >>= 7;
+ }
ttag = i;
while (i-- > 0) {
p[i] = tag & 0x7f;
- if (i != (ttag - 1))
+ if (i != (ttag - 1)) {
p[i] |= 0x80;
+ }
tag >>= 7;
}
p += ttag;
}
- if (constructed == 2)
+ if (constructed == 2) {
*(p++) = 0x80;
- else
+ } else {
asn1_put_length(&p, length);
+ }
*pp = p;
}
@@ -197,12 +200,13 @@
static void asn1_put_length(unsigned char **pp, int length) {
unsigned char *p = *pp;
int i, l;
- if (length <= 127)
+ if (length <= 127) {
*(p++) = (unsigned char)length;
- else {
+ } else {
l = length;
- for (i = 0; l > 0; i++)
+ for (i = 0; l > 0; i++) {
l >>= 8;
+ }
*(p++) = i | 0x80;
l = i;
while (i-- > 0) {
@@ -216,8 +220,9 @@
int ASN1_object_size(int constructed, int length, int tag) {
int ret = 1;
- if (length < 0)
+ if (length < 0) {
return -1;
+ }
if (tag >= 31) {
while (tag > 0) {
tag >>= 7;
@@ -236,16 +241,19 @@
}
}
}
- if (ret >= INT_MAX - length)
+ if (ret >= INT_MAX - length) {
return -1;
+ }
return ret + length;
}
int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) {
- if (str == NULL)
+ if (str == NULL) {
return 0;
- if (!ASN1_STRING_set(dst, str->data, str->length))
+ }
+ if (!ASN1_STRING_set(dst, str->data, str->length)) {
return 0;
+ }
dst->type = str->type;
dst->flags = str->flags;
return 1;
@@ -253,11 +261,13 @@
ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) {
ASN1_STRING *ret;
- if (!str)
+ if (!str) {
return NULL;
+ }
ret = ASN1_STRING_new();
- if (!ret)
+ if (!ret) {
return NULL;
+ }
if (!ASN1_STRING_copy(ret, str)) {
ASN1_STRING_free(ret);
return NULL;
@@ -270,17 +280,19 @@
const char *data = _data;
if (len < 0) {
- if (data == NULL)
+ if (data == NULL) {
return (0);
- else
+ } else {
len = strlen(data);
+ }
}
if ((str->length <= len) || (str->data == NULL)) {
c = str->data;
- if (c == NULL)
+ if (c == NULL) {
str->data = OPENSSL_malloc(len + 1);
- else
+ } else {
str->data = OPENSSL_realloc(c, len + 1);
+ }
if (str->data == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
@@ -323,8 +335,9 @@
}
void ASN1_STRING_free(ASN1_STRING *str) {
- if (str == NULL)
+ if (str == NULL) {
return;
+ }
OPENSSL_free(str->data);
OPENSSL_free(str);
}
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 9e68ab6..d065e20 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -92,10 +92,12 @@
"BMPSTRING",
};
- if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+ if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) {
tag &= ~V_ASN1_NEG;
+ }
- if (tag < 0 || tag > 30)
+ if (tag < 0 || tag > 30) {
return "(unknown)";
+ }
return tag2str[tag];
}
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index 33da2dc..84bf667 100644
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -63,30 +63,35 @@
static const char *h = "0123456789ABCDEF";
char buf[2];
- if (a == NULL)
+ if (a == NULL) {
return (0);
+ }
if (a->type & V_ASN1_NEG) {
- if (BIO_write(bp, "-", 1) != 1)
+ if (BIO_write(bp, "-", 1) != 1) {
goto err;
+ }
n = 1;
}
if (a->length == 0) {
- if (BIO_write(bp, "00", 2) != 2)
+ if (BIO_write(bp, "00", 2) != 2) {
goto err;
+ }
n += 2;
} else {
for (i = 0; i < a->length; i++) {
if ((i != 0) && (i % 35 == 0)) {
- if (BIO_write(bp, "\\\n", 2) != 2)
+ if (BIO_write(bp, "\\\n", 2) != 2) {
goto err;
+ }
n += 2;
}
buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
- if (BIO_write(bp, buf, 2) != 2)
+ if (BIO_write(bp, buf, 2) != 2) {
goto err;
+ }
n += 2;
}
}
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
index 22a9f55..d0fca61 100644
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -63,24 +63,28 @@
static const char *h = "0123456789ABCDEF";
char buf[2];
- if (a == NULL)
+ if (a == NULL) {
return (0);
+ }
if (a->length == 0) {
- if (BIO_write(bp, "0", 1) != 1)
+ if (BIO_write(bp, "0", 1) != 1) {
goto err;
+ }
n = 1;
} else {
for (i = 0; i < a->length; i++) {
if ((i != 0) && (i % 35 == 0)) {
- if (BIO_write(bp, "\\\n", 2) != 2)
+ if (BIO_write(bp, "\\\n", 2) != 2) {
goto err;
+ }
n += 2;
}
buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
- if (BIO_write(bp, buf, 2) != 2)
+ if (BIO_write(bp, buf, 2) != 2) {
goto err;
+ }
n += 2;
}
}
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index e7a48b4..f86026e 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -129,8 +129,9 @@
};
unsigned long ASN1_tag2bit(int tag) {
- if (tag < 0 || tag > 30)
+ if (tag < 0 || tag > 30) {
return 0;
+ }
return tag2bit[tag];
}
@@ -146,11 +147,13 @@
ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it) {
ASN1_VALUE *ptmpval = NULL;
- if (!pval)
+ if (!pval) {
pval = &ptmpval;
+ }
- if (asn1_item_ex_d2i(pval, in, len, it, -1, 0, 0, 0) > 0)
+ if (asn1_item_ex_d2i(pval, in, len, it, -1, 0, 0, 0) > 0) {
return *pval;
+ }
return NULL;
}
@@ -173,8 +176,9 @@
ASN1_VALUE **pchptr;
int combine = aclass & ASN1_TFLG_COMBINE;
aclass &= ~ASN1_TFLG_COMBINE;
- if (!pval)
+ if (!pval) {
return 0;
+ }
/*
* Bound |len| to comfortably fit in an int. Lengths in this module often
@@ -228,16 +232,18 @@
/* Must be UNIVERSAL class */
if (oclass != V_ASN1_UNIVERSAL) {
/* If OPTIONAL, assume this is OK */
- if (opt)
+ if (opt) {
return -1;
+ }
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL);
goto err;
}
/* Check tag matches bit map */
if (!(ASN1_tag2bit(otag) & it->utype)) {
/* If OPTIONAL, assume this is OK */
- if (opt)
+ if (opt) {
return -1;
+ }
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_WRONG_TAG);
goto err;
}
@@ -260,8 +266,9 @@
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) {
goto auxerr;
+ }
if (*pval) {
/* Free up and zero CHOICE value if initialised */
@@ -285,11 +292,13 @@
*/
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, depth);
/* If field not present, try the next one */
- if (ret == -1)
+ if (ret == -1) {
continue;
+ }
/* If positive return, read OK, break loop */
- if (ret > 0)
+ if (ret > 0) {
break;
+ }
/* Otherwise must be an ASN1 parsing error */
errtt = tt;
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
@@ -309,8 +318,9 @@
}
asn1_set_choice_selector(pval, i, it);
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) {
goto auxerr;
+ }
*in = p;
return 1;
}
@@ -328,8 +338,9 @@
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
- } else if (ret == -1)
+ } else if (ret == -1) {
return -1;
+ }
if (!cst) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
goto err;
@@ -342,8 +353,9 @@
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) {
goto auxerr;
+ }
/* Free up and zero any ADB found */
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
@@ -351,8 +363,9 @@
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 0);
- if (seqtt == NULL)
+ if (seqtt == NULL) {
continue;
+ }
pseqval = asn1_get_field_ptr(pval, seqtt);
ASN1_template_free(pseqval, seqtt);
}
@@ -363,12 +376,14 @@
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
- if (seqtt == NULL)
+ if (seqtt == NULL) {
goto err;
+ }
pseqval = asn1_get_field_ptr(pval, seqtt);
/* Have we ran out of data? */
- if (!len)
+ if (!len) {
break;
+ }
q = p;
/*
* This determines the OPTIONAL flag value. The field cannot be
@@ -376,10 +391,11 @@
* data to be read. This isn't strictly necessary but it
* increases efficiency in some cases.
*/
- if (i == (it->tcount - 1))
+ if (i == (it->tcount - 1)) {
isopt = 0;
- else
+ } else {
isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+ }
/*
* attempt to read in field, allowing each to be OPTIONAL
*/
@@ -413,8 +429,9 @@
for (; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(pval, tt, 1);
- if (seqtt == NULL)
+ if (seqtt == NULL) {
goto err;
+ }
if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
ASN1_VALUE **pseqval;
pseqval = asn1_get_field_ptr(pval, seqtt);
@@ -426,10 +443,12 @@
}
}
/* Save encoding */
- if (!asn1_enc_save(pval, *in, p - *in, it))
+ if (!asn1_enc_save(pval, *in, p - *in, it)) {
goto auxerr;
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) {
goto auxerr;
+ }
*in = p;
return 1;
}
@@ -440,12 +459,14 @@
auxerr:
OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR);
err:
- if (combine == 0)
+ if (combine == 0) {
ASN1_item_ex_free(pval, it);
- if (errtt)
+ }
+ if (errtt) {
ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
- else
+ } else {
ERR_add_error_data(2, "Type=", it->sname);
+ }
return 0;
}
@@ -467,8 +488,9 @@
int ret;
long len;
const unsigned char *p, *q;
- if (!val)
+ if (!val) {
return 0;
+ }
flags = tt->flags;
aclass = flags & ASN1_TFLG_TAG_CLASS;
@@ -487,8 +509,9 @@
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
return 0;
- } else if (ret == -1)
+ } else if (ret == -1) {
return -1;
+ }
if (!cst) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
return 0;
@@ -506,8 +529,9 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
goto err;
}
- } else
+ } else {
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, depth);
+ }
*in = p;
return 1;
@@ -523,8 +547,9 @@
int flags, aclass;
int ret;
const unsigned char *p;
- if (!val)
+ if (!val) {
return 0;
+ }
flags = tt->flags;
aclass = flags & ASN1_TFLG_TAG_CLASS;
@@ -539,10 +564,11 @@
skaclass = aclass;
} else {
skaclass = V_ASN1_UNIVERSAL;
- if (flags & ASN1_TFLG_SET_OF)
+ if (flags & ASN1_TFLG_SET_OF) {
sktag = V_ASN1_SET;
- else
+ } else {
sktag = V_ASN1_SEQUENCE;
+ }
}
/* Get the tag */
ret =
@@ -550,11 +576,12 @@
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
return 0;
- } else if (ret == -1)
+ } else if (ret == -1) {
return -1;
- if (!*val)
+ }
+ if (!*val) {
*val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
- else {
+ } else {
/*
* We've got a valid STACK: free up any items present
*/
@@ -595,8 +622,9 @@
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
- } else if (ret == -1)
+ } else if (ret == -1) {
return -1;
+ }
} else {
/* Nothing special */
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1,
@@ -604,8 +632,9 @@
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
- } else if (ret == -1)
+ } else if (ret == -1) {
return -1;
+ }
}
*in = p;
@@ -633,8 +662,9 @@
if (it->itype == ASN1_ITYPE_MSTRING) {
utype = tag;
tag = -1;
- } else
+ } else {
utype = it->utype;
+ }
if (utype == V_ASN1_ANY) {
/* If type is ANY need to figure out type from tag */
@@ -653,8 +683,9 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
return 0;
}
- if (oclass != V_ASN1_UNIVERSAL)
+ if (oclass != V_ASN1_UNIVERSAL) {
utype = V_ASN1_OTHER;
+ }
}
if (tag == -1) {
tag = utype;
@@ -666,8 +697,9 @@
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
return 0;
- } else if (ret == -1)
+ } else if (ret == -1) {
return -1;
+ }
ret = 0;
/* SEQUENCE, SET and "OTHER" are left in encoded form */
if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
@@ -694,8 +726,9 @@
}
/* We now have content length and type: translate into a structure */
- if (!asn1_ex_c2i(pval, cont, len, utype, it))
+ if (!asn1_ex_c2i(pval, cont, len, utype, it)) {
goto err;
+ }
*in = p;
ret = 1;
@@ -721,21 +754,25 @@
if (it->utype == V_ASN1_ANY) {
if (!*pval) {
typ = ASN1_TYPE_new();
- if (typ == NULL)
+ if (typ == NULL) {
goto err;
+ }
*pval = (ASN1_VALUE *)typ;
- } else
+ } else {
typ = (ASN1_TYPE *)*pval;
+ }
- if (utype != typ->type)
+ if (utype != typ->type) {
ASN1_TYPE_set(typ, utype, NULL);
+ }
opval = pval;
pval = &typ->value.asn1_value;
}
switch (utype) {
case V_ASN1_OBJECT:
- if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+ if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) {
goto err;
+ }
break;
case V_ASN1_NULL:
@@ -758,15 +795,17 @@
break;
case V_ASN1_BIT_STRING:
- if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+ if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) {
goto err;
+ }
break;
case V_ASN1_INTEGER:
case V_ASN1_ENUMERATED:
tint = (ASN1_INTEGER **)pval;
- if (!c2i_ASN1_INTEGER(tint, &cont, len))
+ if (!c2i_ASN1_INTEGER(tint, &cont, len)) {
goto err;
+ }
/* Fixup type to match the expected form */
(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
break;
@@ -835,15 +874,17 @@
break;
}
/* If ASN1_ANY and NULL type fix up value */
- if (typ && (utype == V_ASN1_NULL))
+ if (typ && (utype == V_ASN1_NULL)) {
typ->value.ptr = NULL;
+ }
ret = 1;
err:
if (!ret) {
ASN1_TYPE_free(typ);
- if (opval)
+ if (opval) {
*opval = NULL;
+ }
}
return ret;
}
@@ -872,24 +913,29 @@
/*
* If type is OPTIONAL, not an error: indicate missing type.
*/
- if (opt)
+ if (opt) {
return -1;
+ }
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TAG);
return 0;
}
}
- if (cst)
+ if (cst) {
*cst = i & V_ASN1_CONSTRUCTED;
+ }
- if (olen)
+ if (olen) {
*olen = plen;
+ }
- if (oclass)
+ if (oclass) {
*oclass = pclass;
+ }
- if (otag)
+ if (otag) {
*otag = ptag;
+ }
*in = p;
return 1;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 3f71679..c46df2d 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -207,11 +207,13 @@
case ASN1_ITYPE_SEQUENCE: {
i = asn1_enc_restore(&seqcontlen, out, pval, it);
/* An error occurred */
- if (i < 0)
+ if (i < 0) {
return -1;
+ }
/* We have a valid cached encoding... */
- if (i > 0)
+ if (i > 0) {
return seqcontlen;
+ }
/* Otherwise carry on */
seqcontlen = 0;
/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
@@ -225,26 +227,30 @@
ASN1_VALUE **pseqval;
int tmplen;
seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
+ if (!seqtt) {
return -1;
+ }
pseqval = asn1_get_field_ptr(pval, seqtt);
tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, 0);
- if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
+ if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen)) {
return -1;
+ }
seqcontlen += tmplen;
}
seqlen = ASN1_object_size(/*constructed=*/1, seqcontlen, tag);
- if (!out || seqlen == -1)
+ if (!out || seqlen == -1) {
return seqlen;
+ }
/* Output SEQUENCE header */
ASN1_put_object(out, /*constructed=*/1, seqcontlen, tag, aclass);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
+ if (!seqtt) {
return -1;
+ }
pseqval = asn1_get_field_ptr(pval, seqtt);
if (asn1_template_ex_i2d(pseqval, out, seqtt, -1, 0) < 0) {
return -1;
@@ -338,10 +344,11 @@
skaclass = tclass;
} else {
skaclass = V_ASN1_UNIVERSAL;
- if (isset)
+ if (isset) {
sktag = V_ASN1_SET;
- else
+ } else {
sktag = V_ASN1_SEQUENCE;
+ }
}
/* Determine total length of items */
@@ -350,26 +357,31 @@
int tmplen;
skitem = sk_ASN1_VALUE_value(sk, j);
tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
- if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+ if (tmplen == -1 || (skcontlen > INT_MAX - tmplen)) {
return -1;
+ }
skcontlen += tmplen;
}
sklen = ASN1_object_size(/*constructed=*/1, skcontlen, sktag);
- if (sklen == -1)
+ if (sklen == -1) {
return -1;
+ }
/* If EXPLICIT need length of surrounding tag */
- if (flags & ASN1_TFLG_EXPTAG)
+ if (flags & ASN1_TFLG_EXPTAG) {
ret = ASN1_object_size(/*constructed=*/1, sklen, ttag);
- else
+ } else {
ret = sklen;
+ }
- if (!out || ret == -1)
+ if (!out || ret == -1) {
return ret;
+ }
/* Now encode this lot... */
/* EXPLICIT tag */
- if (flags & ASN1_TFLG_EXPTAG)
+ if (flags & ASN1_TFLG_EXPTAG) {
ASN1_put_object(out, /*constructed=*/1, sklen, ttag, tclass);
+ }
/* SET or SEQUENCE and IMPLICIT tag */
ASN1_put_object(out, /*constructed=*/1, skcontlen, sktag, skaclass);
/* And the stuff itself */
@@ -384,8 +396,9 @@
/* Find length of tagged item */
i = asn1_item_ex_i2d_opt(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0,
optional);
- if (i <= 0)
+ if (i <= 0) {
return i;
+ }
/* Find length of EXPLICIT tag */
ret = ASN1_object_size(/*constructed=*/1, i, ttag);
if (out && ret != -1) {
@@ -415,8 +428,9 @@
int cmplen, i;
cmplen = (d1->length < d2->length) ? d1->length : d2->length;
i = OPENSSL_memcmp(d1->data, d2->data, cmplen);
- if (i)
+ if (i) {
return i;
+ }
return d1->length - d2->length;
}
@@ -510,8 +524,9 @@
utype != V_ASN1_SEQUENCE && utype != V_ASN1_SET && utype != V_ASN1_OTHER;
/* If not implicitly tagged get tag from underlying type */
- if (tag == -1)
+ if (tag == -1) {
tag = utype;
+ }
/* Output tag+length followed by content octets */
if (out) {
@@ -609,8 +624,9 @@
}
*putype = utype;
pval = &typ->value.asn1_value;
- } else
+ } else {
utype = *putype;
+ }
switch (utype) {
case V_ASN1_OBJECT:
@@ -688,7 +704,8 @@
break;
}
- if (cout && len)
+ if (cout && len) {
OPENSSL_memcpy(cout, cont, len);
+ }
return len;
}
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index a0de62b..be0d33d 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -78,17 +78,20 @@
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;
int i;
- if (!pval)
+ if (!pval) {
return;
- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+ }
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) {
return;
+ }
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
+ if (it->templates) {
ASN1_template_free(pval, it->templates);
- else
+ } else {
ASN1_primitive_free(pval, it);
+ }
break;
case ASN1_ITYPE_MSTRING:
@@ -100,8 +103,9 @@
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
- if (i == 2)
+ if (i == 2) {
return;
+ }
}
i = asn1_get_choice_selector(pval, it);
if ((i >= 0) && (i < it->tcount)) {
@@ -110,8 +114,9 @@
pchval = asn1_get_field_ptr(pval, tt);
ASN1_template_free(pchval, tt);
}
- if (asn1_cb)
+ if (asn1_cb) {
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+ }
if (!combine) {
OPENSSL_free(*pval);
*pval = NULL;
@@ -121,19 +126,22 @@
case ASN1_ITYPE_EXTERN:
ef = it->funcs;
- if (ef && ef->asn1_ex_free)
+ if (ef && ef->asn1_ex_free) {
ef->asn1_ex_free(pval, it);
+ }
break;
case ASN1_ITYPE_SEQUENCE: {
- if (!asn1_refcount_dec_and_test_zero(pval, it))
+ if (!asn1_refcount_dec_and_test_zero(pval, it)) {
return;
+ }
const ASN1_AUX *aux = it->funcs;
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
- if (i == 2)
+ if (i == 2) {
return;
+ }
}
asn1_enc_free(pval, it);
/*
@@ -145,13 +153,15 @@
for (i = 0; i < it->tcount; tt--, i++) {
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 0);
- if (!seqtt)
+ if (!seqtt) {
continue;
+ }
pseqval = asn1_get_field_ptr(pval, seqtt);
ASN1_template_free(pseqval, seqtt);
}
- if (asn1_cb)
+ if (asn1_cb) {
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+ }
if (!combine) {
OPENSSL_free(*pval);
*pval = NULL;
@@ -172,9 +182,10 @@
}
sk_ASN1_VALUE_free(sk);
*pval = NULL;
- } else
+ } else {
asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
tt->flags & ASN1_TFLG_COMBINE);
+ }
}
void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) {
@@ -187,16 +198,19 @@
ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
utype = typ->type;
pval = &typ->value.asn1_value;
- if (utype != V_ASN1_BOOLEAN && !*pval)
+ if (utype != V_ASN1_BOOLEAN && !*pval) {
return;
+ }
} else if (it->itype == ASN1_ITYPE_MSTRING) {
utype = -1;
- if (!*pval)
+ if (!*pval) {
return;
+ }
} else {
utype = it->utype;
- if ((utype != V_ASN1_BOOLEAN) && !*pval)
+ if ((utype != V_ASN1_BOOLEAN) && !*pval) {
return;
+ }
}
switch (utype) {
@@ -205,10 +219,11 @@
break;
case V_ASN1_BOOLEAN:
- if (it)
+ if (it) {
*(ASN1_BOOLEAN *)pval = it->size;
- else
+ } else {
*(ASN1_BOOLEAN *)pval = -1;
+ }
return;
case V_ASN1_NULL:
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 6da1631..f6cd96f 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -77,8 +77,9 @@
ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) {
ASN1_VALUE *ret = NULL;
- if (ASN1_item_ex_new(&ret, it) > 0)
+ if (ASN1_item_ex_new(&ret, it) > 0) {
return ret;
+ }
return NULL;
}
@@ -99,22 +100,26 @@
case ASN1_ITYPE_EXTERN:
ef = it->funcs;
if (ef && ef->asn1_ex_new) {
- if (!ef->asn1_ex_new(pval, it))
+ if (!ef->asn1_ex_new(pval, it)) {
goto memerr;
+ }
}
break;
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
- if (!ASN1_template_new(pval, it->templates))
+ if (!ASN1_template_new(pval, it->templates)) {
goto memerr;
- } else if (!ASN1_primitive_new(pval, it))
+ }
+ } else if (!ASN1_primitive_new(pval, it)) {
goto memerr;
+ }
break;
case ASN1_ITYPE_MSTRING:
- if (!ASN1_primitive_new(pval, it))
+ if (!ASN1_primitive_new(pval, it)) {
goto memerr;
+ }
break;
case ASN1_ITYPE_CHOICE: {
@@ -122,21 +127,24 @@
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
- if (!i)
+ if (!i) {
goto auxerr;
+ }
if (i == 2) {
return 1;
}
}
if (!combine) {
*pval = OPENSSL_malloc(it->size);
- if (!*pval)
+ if (!*pval) {
goto memerr;
+ }
OPENSSL_memset(*pval, 0, it->size);
}
asn1_set_choice_selector(pval, -1, it);
- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) {
goto auxerr2;
+ }
break;
}
@@ -145,27 +153,31 @@
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
- if (!i)
+ if (!i) {
goto auxerr;
+ }
if (i == 2) {
return 1;
}
}
if (!combine) {
*pval = OPENSSL_malloc(it->size);
- if (!*pval)
+ if (!*pval) {
goto memerr;
+ }
OPENSSL_memset(*pval, 0, it->size);
asn1_refcount_set_one(pval, it);
asn1_enc_init(pval, it);
}
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt);
- if (!ASN1_template_new(pseqval, tt))
+ if (!ASN1_template_new(pseqval, tt)) {
goto memerr2;
+ }
}
- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) {
goto auxerr2;
+ }
break;
}
}
@@ -190,17 +202,19 @@
switch (it->itype) {
case ASN1_ITYPE_EXTERN:
ef = it->funcs;
- if (ef && ef->asn1_ex_clear)
+ if (ef && ef->asn1_ex_clear) {
ef->asn1_ex_clear(pval, it);
- else
+ } else {
*pval = NULL;
+ }
break;
case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
+ if (it->templates) {
asn1_template_clear(pval, it->templates);
- else
+ } else {
asn1_primitive_clear(pval, it);
+ }
break;
case ASN1_ITYPE_MSTRING:
@@ -248,10 +262,11 @@
static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) {
/* If ADB or STACK just NULL the field */
- if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK))
+ if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK)) {
*pval = NULL;
- else
+ } else {
asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+ }
}
/*
@@ -263,17 +278,19 @@
ASN1_TYPE *typ;
int utype;
- if (!it)
+ if (!it) {
return 0;
+ }
/* Historically, |it->funcs| for primitive types contained an
* |ASN1_PRIMITIVE_FUNCS| table of calbacks. */
assert(it->funcs == NULL);
- if (it->itype == ASN1_ITYPE_MSTRING)
+ if (it->itype == ASN1_ITYPE_MSTRING) {
utype = -1;
- else
+ } else {
utype = it->utype;
+ }
switch (utype) {
case V_ASN1_OBJECT:
*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
@@ -289,8 +306,9 @@
case V_ASN1_ANY:
typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
- if (!typ)
+ if (!typ) {
return 0;
+ }
typ->value.ptr = NULL;
typ->type = -1;
*pval = (ASN1_VALUE *)typ;
@@ -300,8 +318,9 @@
*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
break;
}
- if (*pval)
+ if (*pval) {
return 1;
+ }
return 0;
}
@@ -310,12 +329,14 @@
/* Historically, |it->funcs| for primitive types contained an
* |ASN1_PRIMITIVE_FUNCS| table of calbacks. */
assert(it == NULL || it->funcs == NULL);
- if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ if (!it || (it->itype == ASN1_ITYPE_MSTRING)) {
utype = -1;
- else
+ } else {
utype = it->utype;
- if (utype == V_ASN1_BOOLEAN)
+ }
+ if (utype == V_ASN1_BOOLEAN) {
*(ASN1_BOOLEAN *)pval = it->size;
- else
+ } else {
*pval = NULL;
+ }
}
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 5b3cc0e..e211d5d 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -135,12 +135,14 @@
*/
static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) {
RSA *rtmp;
- if (!key)
+ if (!key) {
return NULL;
+ }
rtmp = EVP_PKEY_get1_RSA(key);
EVP_PKEY_free(key);
- if (!rtmp)
+ if (!rtmp) {
return NULL;
+ }
if (rsa) {
RSA_free(*rsa);
*rsa = rtmp;
@@ -169,12 +171,14 @@
#ifndef OPENSSL_NO_DSA
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) {
DSA *dtmp;
- if (!key)
+ if (!key) {
return NULL;
+ }
dtmp = EVP_PKEY_get1_DSA(key);
EVP_PKEY_free(key);
- if (!dtmp)
+ if (!dtmp) {
return NULL;
+ }
if (dsa) {
DSA_free(*dsa);
*dsa = dtmp;
@@ -202,12 +206,14 @@
#endif
static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) {
EC_KEY *dtmp;
- if (!key)
+ if (!key) {
return NULL;
+ }
dtmp = EVP_PKEY_get1_EC_KEY(key);
EVP_PKEY_free(key);
- if (!dtmp)
+ if (!dtmp) {
return NULL;
+ }
if (eckey) {
EC_KEY_free(*eckey);
*eckey = dtmp;
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index f5abbc0..40f34ee 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -320,20 +320,23 @@
/* use the normal code to write things out */
i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
- if (i <= 0)
+ if (i <= 0) {
goto err;
+ }
} else {
/* Add DSA/DH */
/* normal optionally encrypted stuff */
if (PEM_write_bio_RSAPrivateKey(bp, xi->x_pkey->dec_pkey->pkey.rsa, enc,
- kstr, klen, cb, u) <= 0)
+ kstr, klen, cb, u) <= 0) {
goto err;
+ }
}
}
/* if we have a certificate then write it out now */
- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
+ if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) {
goto err;
+ }
/*
* we are ignoring anything else that is loaded into the X509_INFO
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index da4c838..1f7c05f 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -82,14 +82,15 @@
void PEM_proc_type(char *buf, int type) {
const char *str;
- if (type == PEM_TYPE_ENCRYPTED)
+ if (type == PEM_TYPE_ENCRYPTED) {
str = "ENCRYPTED";
- else if (type == PEM_TYPE_MIC_CLEAR)
+ } else if (type == PEM_TYPE_MIC_CLEAR) {
str = "MIC-CLEAR";
- else if (type == PEM_TYPE_MIC_ONLY)
+ } else if (type == PEM_TYPE_MIC_ONLY) {
str = "MIC-ONLY";
- else
+ } else {
str = "BAD-TYPE";
+ }
OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
OPENSSL_strlcat(buf, str, PEM_BUFSIZE);
@@ -105,8 +106,9 @@
OPENSSL_strlcat(buf, type, PEM_BUFSIZE);
OPENSSL_strlcat(buf, ",", PEM_BUFSIZE);
j = strlen(buf);
- if (j + (len * 2) + 1 > PEM_BUFSIZE)
+ if (j + (len * 2) + 1 > PEM_BUFSIZE) {
return;
+ }
for (i = 0; i < len; i++) {
buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
@@ -129,8 +131,9 @@
static int check_pem(const char *nm, const char *name) {
/* Normal matching nm and name */
- if (!strcmp(nm, name))
+ if (!strcmp(nm, name)) {
return 1;
+ }
/* Make PEM_STRING_EVP_PKEY match any private key */
@@ -142,34 +145,42 @@
/* Permit older strings */
- if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))
+ if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) {
return 1;
+ }
if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
- !strcmp(name, PEM_STRING_X509_REQ))
+ !strcmp(name, PEM_STRING_X509_REQ)) {
return 1;
+ }
/* Allow normal certs to be read as trusted certs */
- if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_X509_TRUSTED))
+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_X509_TRUSTED)) {
return 1;
+ }
if (!strcmp(nm, PEM_STRING_X509_OLD) &&
- !strcmp(name, PEM_STRING_X509_TRUSTED))
+ !strcmp(name, PEM_STRING_X509_TRUSTED)) {
return 1;
+ }
/* Some CAs use PKCS#7 with CERTIFICATE headers */
- if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))
+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) {
return 1;
+ }
- if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && !strcmp(name, PEM_STRING_PKCS7))
+ if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && !strcmp(name, PEM_STRING_PKCS7)) {
return 1;
+ }
#ifndef OPENSSL_NO_CMS
- if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS))
+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS)) {
return 1;
+ }
/* Allow CMS to be read from PKCS#7 headers */
- if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS))
+ if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS)) {
return 1;
+ }
#endif
return 0;
@@ -212,31 +223,37 @@
}
return 0;
}
- if (check_pem(nm, name))
+ if (check_pem(nm, name)) {
break;
+ }
OPENSSL_free(nm);
OPENSSL_free(header);
OPENSSL_free(data);
}
- if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) {
goto err;
- if (!PEM_do_header(&cipher, data, &len, cb, u))
+ }
+ if (!PEM_do_header(&cipher, data, &len, cb, u)) {
goto err;
+ }
*pdata = data;
*plen = len;
- if (pnm)
+ if (pnm) {
*pnm = nm;
+ }
ret = 1;
err:
- if (!ret || !pnm)
+ if (!ret || !pnm) {
OPENSSL_free(nm);
+ }
OPENSSL_free(header);
- if (!ret)
+ if (!ret) {
OPENSSL_free(data);
+ }
return ret;
}
@@ -293,8 +310,9 @@
if (kstr == NULL) {
klen = 0;
- if (!callback)
+ if (!callback) {
callback = PEM_def_callback;
+ }
klen = (*callback)(buf, PEM_BUFSIZE, 1, u);
if (klen <= 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
@@ -303,17 +321,20 @@
kstr = (unsigned char *)buf;
}
assert(iv_len <= (int)sizeof(iv));
- if (!RAND_bytes(iv, iv_len)) /* Generate a salt */
+ if (!RAND_bytes(iv, iv_len)) { /* Generate a salt */
goto err;
+ }
/*
* The 'iv' is used as the iv and as a salt. It is NOT taken from
* the BytesToKey function
*/
- if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
+ if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL)) {
goto err;
+ }
- if (kstr == (unsigned char *)buf)
+ if (kstr == (unsigned char *)buf) {
OPENSSL_cleanse(buf, PEM_BUFSIZE);
+ }
assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
@@ -326,20 +347,23 @@
ret = 1;
if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ||
!EVP_EncryptUpdate(&ctx, data, &j, data, i) ||
- !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
+ !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i)) {
ret = 0;
- else
+ } else {
i += j;
+ }
EVP_CIPHER_CTX_cleanup(&ctx);
- if (ret == 0)
+ if (ret == 0) {
goto err;
+ }
} else {
ret = 1;
buf[0] = '\0';
}
i = PEM_write_bio(bp, name, buf, data, i);
- if (i <= 0)
+ if (i <= 0) {
ret = 0;
+ }
err:
OPENSSL_cleanse(key, sizeof(key));
OPENSSL_cleanse(iv, sizeof(iv));
@@ -359,12 +383,14 @@
len = *plen;
- if (cipher->cipher == NULL)
+ if (cipher->cipher == NULL) {
return (1);
+ }
klen = 0;
- if (!callback)
+ if (!callback) {
callback = PEM_def_callback;
+ }
klen = callback(buf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
@@ -372,16 +398,19 @@
}
if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
- (unsigned char *)buf, klen, 1, key, NULL))
+ (unsigned char *)buf, klen, 1, key, NULL)) {
return 0;
+ }
j = (int)len;
EVP_CIPHER_CTX_init(&ctx);
o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
- if (o)
+ if (o) {
o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
- if (o)
+ }
+ if (o) {
o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
+ }
EVP_CIPHER_CTX_cleanup(&ctx);
OPENSSL_cleanse((char *)buf, sizeof(buf));
OPENSSL_cleanse((char *)key, sizeof(key));
@@ -401,25 +430,29 @@
cipher->cipher = NULL;
OPENSSL_memset(cipher->iv, 0, sizeof(cipher->iv));
- if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+ if ((header == NULL) || (*header == '\0') || (*header == '\n')) {
return (1);
+ }
if (strncmp(header, "Proc-Type: ", 11) != 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_PROC_TYPE);
return (0);
}
header += 11;
- if (*header != '4')
+ if (*header != '4') {
return (0);
+ }
header++;
- if (*header != ',')
+ if (*header != ',') {
return (0);
+ }
header++;
if (strncmp(header, "ENCRYPTED", 9) != 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_ENCRYPTED);
return (0);
}
- for (; (*header != '\n') && (*header != '\0'); header++)
+ for (; (*header != '\n') && (*header != '\0'); header++) {
;
+ }
if (*header == '\0') {
OPENSSL_PUT_ERROR(PEM, PEM_R_SHORT_HEADER);
return (0);
@@ -435,8 +468,9 @@
for (;;) {
c = *header;
if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
- ((c >= '0') && (c <= '9'))))
+ ((c >= '0') && (c <= '9')))) {
break;
+ }
header++;
}
*header = '\0';
@@ -455,8 +489,9 @@
OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_ENCRYPTION);
return 0;
}
- if (!load_iv(header_pp, &(cipher->iv[0]), EVP_CIPHER_iv_length(enc)))
+ if (!load_iv(header_pp, &(cipher->iv[0]), EVP_CIPHER_iv_length(enc))) {
return (0);
+ }
return (1);
}
@@ -466,17 +501,18 @@
char *from;
from = *fromp;
- for (i = 0; i < num; i++)
+ for (i = 0; i < num; i++) {
to[i] = 0;
+ }
num *= 2;
for (i = 0; i < num; i++) {
- if ((*from >= '0') && (*from <= '9'))
+ if ((*from >= '0') && (*from <= '9')) {
v = *from - '0';
- else if ((*from >= 'A') && (*from <= 'F'))
+ } else if ((*from >= 'A') && (*from <= 'F')) {
v = *from - 'A' + 10;
- else if ((*from >= 'a') && (*from <= 'f'))
+ } else if ((*from >= 'a') && (*from <= 'f')) {
v = *from - 'a' + 10;
- else {
+ } else {
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_IV_CHARS);
return (0);
}
@@ -511,13 +547,16 @@
nlen = strlen(name);
if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
- (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6))
+ (BIO_write(bp, name, nlen) != nlen) ||
+ (BIO_write(bp, "-----\n", 6) != 6)) {
goto err;
+ }
i = strlen(header);
if (i > 0) {
- if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+ if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) {
goto err;
+ }
}
buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
@@ -530,20 +569,24 @@
while (len > 0) {
n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
- if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+ if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl)) {
goto err;
+ }
i += outl;
len -= n;
j += n;
}
EVP_EncodeFinal(&ctx, buf, &outl);
- if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+ if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) {
goto err;
+ }
OPENSSL_free(buf);
buf = NULL;
if ((BIO_write(bp, "-----END ", 9) != 9) ||
- (BIO_write(bp, name, nlen) != nlen) || (BIO_write(bp, "-----\n", 6) != 6))
+ (BIO_write(bp, name, nlen) != nlen) ||
+ (BIO_write(bp, "-----\n", 6) != 6)) {
goto err;
+ }
return (i + outl);
err:
if (buf) {
@@ -594,16 +637,18 @@
goto err;
}
- while ((i >= 0) && (buf[i] <= ' '))
+ while ((i >= 0) && (buf[i] <= ' ')) {
i--;
+ }
buf[++i] = '\n';
buf[++i] = '\0';
if (strncmp(buf, "-----BEGIN ", 11) == 0) {
i = strlen(&(buf[11]));
- if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
+ if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0) {
continue;
+ }
if (!BUF_MEM_grow(nameB, i + 9)) {
OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);
goto err;
@@ -621,16 +666,19 @@
headerB->data[0] = '\0';
for (;;) {
i = BIO_gets(bp, buf, 254);
- if (i <= 0)
+ if (i <= 0) {
break;
+ }
- while ((i >= 0) && (buf[i] <= ' '))
+ while ((i >= 0) && (buf[i] <= ' ')) {
i--;
+ }
buf[++i] = '\n';
buf[++i] = '\0';
- if (buf[0] == '\n')
+ if (buf[0] == '\n') {
break;
+ }
if (!BUF_MEM_grow(headerB, hl + i + 9)) {
OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);
goto err;
@@ -653,20 +701,25 @@
if (!nohead) {
for (;;) {
i = BIO_gets(bp, buf, 254);
- if (i <= 0)
+ if (i <= 0) {
break;
+ }
- while ((i >= 0) && (buf[i] <= ' '))
+ while ((i >= 0) && (buf[i] <= ' ')) {
i--;
+ }
buf[++i] = '\n';
buf[++i] = '\0';
- if (i != 65)
+ if (i != 65) {
end = 1;
- if (strncmp(buf, "-----END ", 9) == 0)
+ }
+ if (strncmp(buf, "-----END ", 9) == 0) {
break;
- if (i > 65)
+ }
+ if (i > 65) {
break;
+ }
if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);
goto err;
@@ -677,11 +730,13 @@
if (end) {
buf[0] = '\0';
i = BIO_gets(bp, buf, 254);
- if (i <= 0)
+ if (i <= 0) {
break;
+ }
- while ((i >= 0) && (buf[i] <= ' '))
+ while ((i >= 0) && (buf[i] <= ' ')) {
i--;
+ }
buf[++i] = '\n';
buf[++i] = '\0';
@@ -716,8 +771,9 @@
}
bl += k;
- if (bl == 0)
+ if (bl == 0) {
goto err;
+ }
*name = nameB->data;
*header = headerB->data;
*data = (unsigned char *)dataB->data;
diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c
index 4323ef0..7cb4e08 100644
--- a/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.c
@@ -75,12 +75,14 @@
long len;
char *ret = NULL;
- if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+ if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) {
return NULL;
+ }
p = data;
ret = d2i(x, &p, len);
- if (ret == NULL)
+ if (ret == NULL) {
OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
+ }
OPENSSL_free(data);
return ret;
}
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index c701ca8..53b2703 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -114,8 +114,9 @@
if (enc || (nid != -1)) {
if (!kstr) {
klen = 0;
- if (!cb)
+ if (!cb) {
cb = PEM_def_callback;
+ }
klen = cb(buf, PEM_BUFSIZE, 1, u);
if (klen <= 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
@@ -126,20 +127,23 @@
kstr = buf;
}
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
- if (kstr == buf)
+ if (kstr == buf) {
OPENSSL_cleanse(buf, klen);
+ }
PKCS8_PRIV_KEY_INFO_free(p8inf);
- if (isder)
+ if (isder) {
ret = i2d_PKCS8_bio(bp, p8);
- else
+ } else {
ret = PEM_write_bio_PKCS8(bp, p8);
+ }
X509_SIG_free(p8);
return ret;
} else {
- if (isder)
+ if (isder) {
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
- else
+ } else {
ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+ }
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
}
@@ -153,12 +157,14 @@
EVP_PKEY *ret;
char psbuf[PEM_BUFSIZE];
p8 = d2i_PKCS8_bio(bp, NULL);
- if (!p8)
+ if (!p8) {
return NULL;
+ }
klen = 0;
- if (!cb)
+ if (!cb) {
cb = PEM_def_callback;
+ }
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
@@ -168,15 +174,18 @@
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
- if (!p8inf)
+ if (!p8inf) {
return NULL;
+ }
ret = EVP_PKCS82PKEY(p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
- if (!ret)
+ if (!ret) {
return NULL;
+ }
if (x) {
- if (*x)
+ if (*x) {
EVP_PKEY_free(*x);
+ }
*x = ret;
}
return ret;
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 05ff808..b612304 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -76,19 +76,22 @@
long len;
EVP_PKEY *ret = NULL;
- if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+ if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) {
return NULL;
+ }
p = data;
if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
- if (!p8inf)
+ if (!p8inf) {
goto p8err;
+ }
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
- if (*x)
+ if (*x) {
EVP_PKEY_free((EVP_PKEY *)*x);
+ }
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -98,12 +101,14 @@
int klen;
char psbuf[PEM_BUFSIZE];
p8 = d2i_X509_SIG(NULL, &p, len);
- if (!p8)
+ if (!p8) {
goto p8err;
+ }
klen = 0;
- if (!cb)
+ if (!cb) {
cb = PEM_def_callback;
+ }
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
@@ -113,12 +118,14 @@
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
- if (!p8inf)
+ if (!p8inf) {
goto p8err;
+ }
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
- if (*x)
+ if (*x) {
EVP_PKEY_free((EVP_PKEY *)*x);
+ }
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
@@ -133,8 +140,9 @@
ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
}
p8err:
- if (ret == NULL)
+ if (ret == NULL) {
OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
+ }
err:
OPENSSL_free(nm);
diff --git a/crypto/x509/a_digest.c b/crypto/x509/a_digest.c
index a4dc37a..adc6313 100644
--- a/crypto/x509/a_digest.c
+++ b/crypto/x509/a_digest.c
@@ -85,8 +85,9 @@
unsigned char *str = NULL;
i = ASN1_item_i2d(asn, &str, it);
- if (!str)
+ if (!str) {
return (0);
+ }
ret = EVP_Digest(str, i, md, len, type, NULL);
OPENSSL_free(str);
diff --git a/crypto/x509/a_sign.c b/crypto/x509/a_sign.c
index adc1165..815d143 100644
--- a/crypto/x509/a_sign.c
+++ b/crypto/x509/a_sign.c
@@ -107,8 +107,9 @@
OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);
goto err;
}
- if (signature->data != NULL)
+ if (signature->data != NULL) {
OPENSSL_free(signature->data);
+ }
signature->data = buf_out;
buf_out = NULL;
signature->length = outl;
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c
index c3c739d..e56da9a 100644
--- a/crypto/x509/asn1_gen.c
+++ b/crypto/x509/asn1_gen.c
@@ -140,8 +140,9 @@
ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) {
int err = 0;
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
- if (err)
+ if (err) {
OPENSSL_PUT_ERROR(ASN1, err);
+ }
return ret;
}
@@ -181,15 +182,18 @@
return NULL;
}
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
- } else
+ } else {
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+ }
- if (!ret)
+ if (!ret) {
return NULL;
+ }
/* If no tagging return base type */
- if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+ if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) {
return ret;
+ }
/* Generate the encoding */
cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
@@ -203,8 +207,9 @@
/* If IMPLICIT we will replace the underlying tag */
/* Skip existing tag+len */
r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
- if (r & 0x80)
+ if (r & 0x80) {
goto err;
+ }
/* Update copy length */
cpy_len -= cpy_start - orig_der;
/*
@@ -217,8 +222,9 @@
* it will mess up if indefinite length
*/
len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
- } else
+ } else {
len = cpy_len;
+ }
/* Work out length in any EXPLICIT, starting from end */
@@ -234,8 +240,9 @@
/* Allocate buffer for new encoding */
new_der = OPENSSL_malloc(len);
- if (!new_der)
+ if (!new_der) {
goto err;
+ }
/* Generate tagged encoding */
@@ -246,8 +253,9 @@
for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++) {
ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, etmp->exp_tag,
etmp->exp_class);
- if (etmp->exp_pad)
+ if (etmp->exp_pad) {
*p++ = 0;
+ }
}
/* If IMPLICIT, output tag */
@@ -255,8 +263,9 @@
if (asn1_tags.imp_tag != -1) {
if (asn1_tags.imp_class == V_ASN1_UNIVERSAL &&
(asn1_tags.imp_tag == V_ASN1_SEQUENCE ||
- asn1_tags.imp_tag == V_ASN1_SET))
+ asn1_tags.imp_tag == V_ASN1_SET)) {
hdr_constructed = V_ASN1_CONSTRUCTED;
+ }
ASN1_put_object(&p, hdr_constructed, hdr_len, asn1_tags.imp_tag,
asn1_tags.imp_class);
}
@@ -270,10 +279,12 @@
ret = d2i_ASN1_TYPE(NULL, &cp, len);
err:
- if (orig_der)
+ if (orig_der) {
OPENSSL_free(orig_der);
- if (new_der)
+ }
+ if (new_der) {
OPENSSL_free(new_der);
+ }
return ret;
}
@@ -287,8 +298,9 @@
int tmp_tag, tmp_class;
- if (elem == NULL)
+ if (elem == NULL) {
return -1;
+ }
for (i = 0, p = elem; i < len; p++, i++) {
/* Look for the ':' in name value pairs */
@@ -327,36 +339,43 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);
return -1;
}
- if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+ if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) {
return -1;
+ }
break;
case ASN1_GEN_FLAG_EXP:
- if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+ if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) {
return -1;
- if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+ }
+ if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) {
return -1;
+ }
break;
case ASN1_GEN_FLAG_SEQWRAP:
- if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+ if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) {
return -1;
+ }
break;
case ASN1_GEN_FLAG_SETWRAP:
- if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+ if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) {
return -1;
+ }
break;
case ASN1_GEN_FLAG_BITWRAP:
- if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+ if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) {
return -1;
+ }
break;
case ASN1_GEN_FLAG_OCTWRAP:
- if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+ if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) {
return -1;
+ }
break;
case ASN1_GEN_FLAG_FORMAT:
@@ -364,15 +383,15 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
return -1;
}
- if (!strncmp(vstart, "ASCII", 5))
+ if (!strncmp(vstart, "ASCII", 5)) {
arg->format = ASN1_GEN_FORMAT_ASCII;
- else if (!strncmp(vstart, "UTF8", 4))
+ } else if (!strncmp(vstart, "UTF8", 4)) {
arg->format = ASN1_GEN_FORMAT_UTF8;
- else if (!strncmp(vstart, "HEX", 3))
+ } else if (!strncmp(vstart, "HEX", 3)) {
arg->format = ASN1_GEN_FORMAT_HEX;
- else if (!strncmp(vstart, "BITLIST", 7))
+ } else if (!strncmp(vstart, "BITLIST", 7)) {
arg->format = ASN1_GEN_FORMAT_BITLIST;
- else {
+ } else {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
return -1;
}
@@ -386,22 +405,25 @@
char erch[2];
long tag_num;
char *eptr;
- if (!vstart)
+ if (!vstart) {
return 0;
+ }
tag_num = strtoul(vstart, &eptr, 10);
/* Check we haven't gone past max length: should be impossible */
- if (eptr && *eptr && (eptr > vstart + vlen))
+ if (eptr && *eptr && (eptr > vstart + vlen)) {
return 0;
+ }
if (tag_num < 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
return 0;
}
*ptag = tag_num;
/* If we have non numeric characters, parse them */
- if (eptr)
+ if (eptr) {
vlen -= eptr - vstart;
- else
+ } else {
vlen = 0;
+ }
if (vlen) {
switch (*eptr) {
case 'U':
@@ -428,8 +450,9 @@
return 0;
break;
}
- } else
+ } else {
*pclass = V_ASN1_CONTEXT_SPECIFIC;
+ }
return 1;
}
@@ -445,21 +468,26 @@
int derlen;
size_t i;
sk = sk_ASN1_TYPE_new_null();
- if (!sk)
+ if (!sk) {
goto bad;
+ }
if (section) {
- if (!cnf)
+ if (!cnf) {
goto bad;
+ }
sect = X509V3_get_section(cnf, (char *)section);
- if (!sect)
+ if (!sect) {
goto bad;
+ }
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
ASN1_TYPE *typ = generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
depth + 1, perr);
- if (!typ)
+ if (!typ) {
goto bad;
- if (!sk_ASN1_TYPE_push(sk, typ))
+ }
+ if (!sk_ASN1_TYPE_push(sk, typ)) {
goto bad;
+ }
}
}
@@ -467,19 +495,23 @@
* Now we has a STACK of the components, convert to the correct form
*/
- if (utype == V_ASN1_SET)
+ if (utype == V_ASN1_SET) {
derlen = i2d_ASN1_SET_ANY(sk, &der);
- else
+ } else {
derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
+ }
- if (derlen < 0)
+ if (derlen < 0) {
goto bad;
+ }
- if (!(ret = ASN1_TYPE_new()))
+ if (!(ret = ASN1_TYPE_new())) {
goto bad;
+ }
- if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) {
goto bad;
+ }
ret->type = utype;
@@ -490,13 +522,16 @@
bad:
- if (der)
+ if (der) {
OPENSSL_free(der);
+ }
- if (sk)
+ if (sk) {
sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
- if (sect)
+ }
+ if (sect) {
X509V3_section_free(cnf, sect);
+ }
return ret;
}
@@ -600,13 +635,15 @@
ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
};
- if (len == -1)
+ if (len == -1) {
len = strlen(tagstr);
+ }
tntmp = tnst;
for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
- if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) {
return tntmp->tag;
+ }
}
return -1;
@@ -627,8 +664,9 @@
return NULL;
}
- if (!str)
+ if (!str) {
str = "";
+ }
switch (utype) {
case V_ASN1_NULL:
@@ -707,11 +745,11 @@
case V_ASN1_GENERALSTRING:
case V_ASN1_NUMERICSTRING:
- if (format == ASN1_GEN_FORMAT_ASCII)
+ if (format == ASN1_GEN_FORMAT_ASCII) {
format = MBSTRING_ASC;
- else if (format == ASN1_GEN_FORMAT_UTF8)
+ } else if (format == ASN1_GEN_FORMAT_UTF8) {
format = MBSTRING_UTF8;
- else {
+ } else {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);
goto bad_form;
}
@@ -743,10 +781,10 @@
atmp->value.asn1_string->length = rdlen;
atmp->value.asn1_string->type = utype;
- } else if (format == ASN1_GEN_FORMAT_ASCII)
+ } else if (format == ASN1_GEN_FORMAT_ASCII) {
ASN1_STRING_set(atmp->value.asn1_string, str, -1);
- else if ((format == ASN1_GEN_FORMAT_BITLIST) &&
- (utype == V_ASN1_BIT_STRING)) {
+ } else if ((format == ASN1_GEN_FORMAT_BITLIST) &&
+ (utype == V_ASN1_BIT_STRING)) {
if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);
goto bad_str;
@@ -785,11 +823,13 @@
static int bitstr_cb(const char *elem, int len, void *bitstr) {
long bitnum;
char *eptr;
- if (!elem)
+ if (!elem) {
return 0;
+ }
bitnum = strtoul(elem, &eptr, 10);
- if (eptr && *eptr && (eptr != elem + len))
+ if (eptr && *eptr && (eptr != elem + len)) {
return 0;
+ }
if (bitnum < 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
return 0;
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 3d74188..e5e72b3 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -123,16 +123,18 @@
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
dir = (char *)getenv(X509_get_default_cert_dir_env());
- if (dir)
+ if (dir) {
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
- else
+ } else {
ret =
add_cert_dir(ld, X509_get_default_cert_dir(), X509_FILETYPE_PEM);
+ }
if (!ret) {
OPENSSL_PUT_ERROR(X509, X509_R_LOADING_CERT_DIR);
}
- } else
+ } else {
ret = add_cert_dir(ld, argp, (int)argl);
+ }
break;
}
return (ret);
@@ -141,8 +143,9 @@
static int new_dir(X509_LOOKUP *lu) {
BY_DIR *a;
- if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
+ if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) {
return (0);
+ }
if ((a->buffer = BUF_MEM_new()) == NULL) {
OPENSSL_free(a);
return (0);
@@ -155,18 +158,22 @@
static void by_dir_hash_free(BY_DIR_HASH *hash) { OPENSSL_free(hash); }
static int by_dir_hash_cmp(const BY_DIR_HASH **a, const BY_DIR_HASH **b) {
- if ((*a)->hash > (*b)->hash)
+ if ((*a)->hash > (*b)->hash) {
return 1;
- if ((*a)->hash < (*b)->hash)
+ }
+ if ((*a)->hash < (*b)->hash) {
return -1;
+ }
return 0;
}
static void by_dir_entry_free(BY_DIR_ENTRY *ent) {
- if (ent->dir)
+ if (ent->dir) {
OPENSSL_free(ent->dir);
- if (ent->hashes)
+ }
+ if (ent->hashes) {
sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+ }
OPENSSL_free(ent);
}
@@ -174,10 +181,12 @@
BY_DIR *a;
a = (BY_DIR *)lu->method_data;
- if (a->dirs != NULL)
+ if (a->dirs != NULL) {
sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
- if (a->buffer != NULL)
+ }
+ if (a->buffer != NULL) {
BUF_MEM_free(a->buffer);
+ }
OPENSSL_free(a);
}
@@ -198,15 +207,18 @@
ss = s;
s = p + 1;
len = p - ss;
- if (len == 0)
+ if (len == 0) {
continue;
+ }
for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
- if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0)
+ if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0) {
break;
+ }
}
- if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
+ if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) {
continue;
+ }
if (ctx->dirs == NULL) {
ctx->dirs = sk_BY_DIR_ENTRY_new_null();
if (!ctx->dirs) {
@@ -215,8 +227,9 @@
}
}
ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
- if (!ent)
+ if (!ent) {
return 0;
+ }
ent->dir_type = type;
ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
ent->dir = OPENSSL_malloc(len + 1);
@@ -263,8 +276,9 @@
X509_OBJECT stmp, *tmp;
const char *postfix = "";
- if (name == NULL)
+ if (name == NULL) {
return (0);
+ }
stmp.type = type;
if (type == X509_LU_X509) {
@@ -352,17 +366,20 @@
#endif
{
struct stat st;
- if (stat(b->data, &st) < 0)
+ if (stat(b->data, &st) < 0) {
break;
+ }
}
#endif
/* found one. */
if (type == X509_LU_X509) {
- if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0)
+ if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0) {
break;
+ }
} else if (type == X509_LU_CRL) {
- if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0)
+ if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) {
break;
+ }
}
/* else case will caught higher up */
k++;
@@ -392,8 +409,9 @@
if (!hent) {
htmp.hash = h;
sk_BY_DIR_HASH_sort(ent->hashes);
- if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp))
+ if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp)) {
hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+ }
}
if (!hent) {
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
@@ -411,8 +429,9 @@
goto finish;
}
sk_BY_DIR_HASH_sort(ent->hashes);
- } else if (hent->suffix < k)
+ } else if (hent->suffix < k) {
hent->suffix = k;
+ }
CRYPTO_STATIC_MUTEX_unlock_write(&g_ent_hashes_lock);
}
@@ -441,8 +460,9 @@
}
}
finish:
- if (b != NULL)
+ if (b != NULL) {
BUF_MEM_free(b);
+ }
return (ok);
}
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index b28ef99..d45c96f 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -91,21 +91,24 @@
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
file = getenv(X509_get_default_cert_file_env());
- if (file)
+ if (file) {
ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0);
+ }
- else
+ else {
ok = (X509_load_cert_crl_file(ctx, X509_get_default_cert_file(),
X509_FILETYPE_PEM) != 0);
+ }
if (!ok) {
OPENSSL_PUT_ERROR(X509, X509_R_LOADING_DEFAULTS);
}
} else {
- if (argl == X509_FILETYPE_PEM)
+ if (argl == X509_FILETYPE_PEM) {
ok = (X509_load_cert_crl_file(ctx, argp, X509_FILETYPE_PEM) != 0);
- else
+ } else {
ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
+ }
}
break;
}
@@ -139,8 +142,9 @@
goto err;
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
- if (!i)
+ if (!i) {
goto err;
+ }
count++;
X509_free(x);
x = NULL;
@@ -153,8 +157,9 @@
goto err;
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
- if (!i)
+ if (!i) {
goto err;
+ }
ret = i;
} else {
OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE);
@@ -166,10 +171,12 @@
}
err:
- if (x != NULL)
+ if (x != NULL) {
X509_free(x);
- if (in != NULL)
+ }
+ if (in != NULL) {
BIO_free(in);
+ }
return (ret);
}
@@ -200,8 +207,9 @@
goto err;
}
i = X509_STORE_add_crl(ctx->store_ctx, x);
- if (!i)
+ if (!i) {
goto err;
+ }
count++;
X509_CRL_free(x);
x = NULL;
@@ -214,8 +222,9 @@
goto err;
}
i = X509_STORE_add_crl(ctx->store_ctx, x);
- if (!i)
+ if (!i) {
goto err;
+ }
ret = i;
} else {
OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE);
@@ -227,10 +236,12 @@
}
err:
- if (x != NULL)
+ if (x != NULL) {
X509_CRL_free(x);
- if (in != NULL)
+ }
+ if (in != NULL) {
BIO_free(in);
+ }
return (ret);
}
@@ -241,8 +252,9 @@
size_t i;
int count = 0;
- if (type != X509_FILETYPE_PEM)
+ if (type != X509_FILETYPE_PEM) {
return X509_load_cert_file(ctx, file, type);
+ }
in = BIO_new_file(file, "r");
if (!in) {
OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB);
diff --git a/crypto/x509/name_print.c b/crypto/x509/name_print.c
index dc34acd..9ca3a99 100644
--- a/crypto/x509/name_print.c
+++ b/crypto/x509/name_print.c
@@ -94,11 +94,13 @@
int outlen, len;
const char *sep_dn, *sep_mv, *sep_eq;
int sep_dn_len, sep_mv_len, sep_eq_len;
- if (indent < 0)
+ if (indent < 0) {
indent = 0;
+ }
outlen = indent;
- if (!do_indent(out, indent))
+ if (!do_indent(out, indent)) {
return -1;
+ }
switch (flags & XN_FLAG_SEP_MASK) {
case XN_FLAG_SEP_MULTILINE:
sep_dn = "\n";
@@ -147,21 +149,25 @@
cnt = X509_NAME_entry_count(n);
for (i = 0; i < cnt; i++) {
- if (flags & XN_FLAG_DN_REV)
+ if (flags & XN_FLAG_DN_REV) {
ent = X509_NAME_get_entry(n, cnt - i - 1);
- else
+ } else {
ent = X509_NAME_get_entry(n, i);
+ }
if (prev != -1) {
if (prev == X509_NAME_ENTRY_set(ent)) {
- if (!maybe_write(out, sep_mv, sep_mv_len))
+ if (!maybe_write(out, sep_mv, sep_mv_len)) {
return -1;
+ }
outlen += sep_mv_len;
} else {
- if (!maybe_write(out, sep_dn, sep_dn_len))
+ if (!maybe_write(out, sep_dn, sep_dn_len)) {
return -1;
+ }
outlen += sep_dn_len;
- if (!do_indent(out, indent))
+ if (!do_indent(out, indent)) {
return -1;
+ }
outlen += indent;
}
}
@@ -188,15 +194,18 @@
}
}
objlen = strlen(objbuf);
- if (!maybe_write(out, objbuf, objlen))
+ if (!maybe_write(out, objbuf, objlen)) {
return -1;
+ }
if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
- if (!do_indent(out, fld_len - objlen))
+ if (!do_indent(out, fld_len - objlen)) {
return -1;
+ }
outlen += fld_len - objlen;
}
- if (!maybe_write(out, sep_eq, sep_eq_len))
+ if (!maybe_write(out, sep_eq, sep_eq_len)) {
return -1;
+ }
outlen += objlen + sep_eq_len;
}
/*
@@ -204,14 +213,16 @@
* might want to limit this further so it will DER dump on anything
* other than a few 'standard' fields.
*/
- if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+ if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) {
orflags = ASN1_STRFLGS_DUMP_ALL;
- else
+ } else {
orflags = 0;
+ }
len = ASN1_STRING_print_ex(out, val, flags | orflags);
- if (len < 0)
+ if (len < 0) {
return -1;
+ }
outlen += len;
}
return outlen;
@@ -219,8 +230,9 @@
int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
unsigned long flags) {
- if (flags == XN_FLAG_COMPAT)
+ if (flags == XN_FLAG_COMPAT) {
return X509_NAME_print(out, nm, indent);
+ }
return do_name_ex(out, nm, indent, flags);
}
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index fa2d327..63cb444 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -104,15 +104,18 @@
nmindent = 12;
}
- if (nmflags == X509_FLAG_COMPAT)
+ if (nmflags == X509_FLAG_COMPAT) {
nmindent = 16;
+ }
ci = x->cert_info;
if (!(cflag & X509_FLAG_NO_HEADER)) {
- if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+ if (BIO_write(bp, "Certificate:\n", 13) <= 0) {
goto err;
- if (BIO_write(bp, " Data:\n", 10) <= 0)
+ }
+ if (BIO_write(bp, " Data:\n", 10) <= 0) {
goto err;
+ }
}
if (!(cflag & X509_FLAG_NO_VERSION)) {
l = X509_get_version(x);
@@ -152,49 +155,68 @@
}
if (!(cflag & X509_FLAG_NO_SIGNAME)) {
- if (X509_signature_print(bp, ci->signature, NULL) <= 0)
+ if (X509_signature_print(bp, ci->signature, NULL) <= 0) {
goto err;
+ }
}
if (!(cflag & X509_FLAG_NO_ISSUER)) {
- if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
+ if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) {
goto err;
- if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) < 0)
+ }
+ if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) <
+ 0) {
goto err;
- if (BIO_write(bp, "\n", 1) <= 0)
+ }
+ if (BIO_write(bp, "\n", 1) <= 0) {
goto err;
+ }
}
if (!(cflag & X509_FLAG_NO_VALIDITY)) {
- if (BIO_write(bp, " Validity\n", 17) <= 0)
+ if (BIO_write(bp, " Validity\n", 17) <= 0) {
goto err;
- if (BIO_write(bp, " Not Before: ", 24) <= 0)
+ }
+ if (BIO_write(bp, " Not Before: ", 24) <= 0) {
goto err;
- if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
+ }
+ if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) {
goto err;
- if (BIO_write(bp, "\n Not After : ", 25) <= 0)
+ }
+ if (BIO_write(bp, "\n Not After : ", 25) <= 0) {
goto err;
- if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
+ }
+ if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) {
goto err;
- if (BIO_write(bp, "\n", 1) <= 0)
+ }
+ if (BIO_write(bp, "\n", 1) <= 0) {
goto err;
+ }
}
if (!(cflag & X509_FLAG_NO_SUBJECT)) {
- if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) {
goto err;
- if (X509_NAME_print_ex(bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+ }
+ if (X509_NAME_print_ex(bp, X509_get_subject_name(x), nmindent, nmflags) <
+ 0) {
goto err;
- if (BIO_write(bp, "\n", 1) <= 0)
+ }
+ if (BIO_write(bp, "\n", 1) <= 0) {
goto err;
+ }
}
if (!(cflag & X509_FLAG_NO_PUBKEY)) {
- if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) {
goto err;
- if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+ }
+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) {
goto err;
- if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+ }
+ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) {
goto err;
- if (BIO_puts(bp, "\n") <= 0)
+ }
+ if (BIO_puts(bp, "\n") <= 0) {
goto err;
+ }
pkey = X509_get_pubkey(x);
if (pkey == NULL) {
@@ -208,34 +230,42 @@
if (!(cflag & X509_FLAG_NO_IDS)) {
if (ci->issuerUID) {
- if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
+ if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) {
goto err;
- if (!X509_signature_dump(bp, ci->issuerUID, 12))
+ }
+ if (!X509_signature_dump(bp, ci->issuerUID, 12)) {
goto err;
+ }
}
if (ci->subjectUID) {
- if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
+ if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) {
goto err;
- if (!X509_signature_dump(bp, ci->subjectUID, 12))
+ }
+ if (!X509_signature_dump(bp, ci->subjectUID, 12)) {
goto err;
+ }
}
}
- if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
X509V3_extensions_print(bp, "X509v3 extensions", ci->extensions, cflag, 8);
+ }
if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
- if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
+ if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) {
goto err;
+ }
}
if (!(cflag & X509_FLAG_NO_AUX)) {
- if (!X509_CERT_AUX_print(bp, x->aux, 0))
+ if (!X509_CERT_AUX_print(bp, x->aux, 0)) {
goto err;
+ }
}
ret = 1;
err:
- if (m != NULL)
+ if (m != NULL) {
OPENSSL_free(m);
+ }
return (ret);
}
@@ -249,18 +279,22 @@
/*
* display the hash of the subject as it would appear in OCSP requests
*/
- if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
+ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) {
goto err;
+ }
derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
- if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
+ if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL) {
goto err;
+ }
i2d_X509_NAME(x->cert_info->subject, &dertmp);
- if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+ if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) {
goto err;
+ }
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
- if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) {
goto err;
+ }
}
OPENSSL_free(der);
der = NULL;
@@ -268,32 +302,38 @@
/*
* display the hash of the public key as it would appear in OCSP requests
*/
- if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0)
+ if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) {
goto err;
+ }
if (!EVP_Digest(x->cert_info->key->public_key->data,
x->cert_info->key->public_key->length, SHA1md, NULL,
- EVP_sha1(), NULL))
+ EVP_sha1(), NULL)) {
goto err;
+ }
for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
- if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) {
goto err;
+ }
}
BIO_printf(bp, "\n");
return (1);
err:
- if (der != NULL)
+ if (der != NULL) {
OPENSSL_free(der);
+ }
return (0);
}
int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig) {
- if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
+ if (BIO_puts(bp, " Signature Algorithm: ") <= 0) {
return 0;
- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+ }
+ if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) {
return 0;
+ }
/* RSA-PSS signatures have parameters to print. */
int sig_nid = OBJ_obj2nid(sigalg->algorithm);
@@ -302,10 +342,11 @@
return 0;
}
- if (sig)
+ if (sig) {
return X509_signature_dump(bp, sig, 9);
- else if (BIO_puts(bp, "\n") <= 0)
+ } else if (BIO_puts(bp, "\n") <= 0) {
return 0;
+ }
return 1;
}
@@ -314,8 +355,9 @@
int ret = 0, i;
b = X509_NAME_oneline(name, NULL, 0);
- if (!b)
+ if (!b) {
return 0;
+ }
if (!*b) {
OPENSSL_free(b);
return 1;
@@ -329,16 +371,19 @@
(s[3] == '='))))) ||
(*s == '\0')) {
i = s - c;
- if (BIO_write(bp, c, i) != i)
+ if (BIO_write(bp, c, i) != i) {
goto err;
+ }
c = s + 1; /* skip following slash */
if (*s != '\0') {
- if (BIO_write(bp, ", ", 2) != 2)
+ if (BIO_write(bp, ", ", 2) != 2) {
goto err;
+ }
}
}
- if (*s == '\0')
+ if (*s == '\0') {
break;
+ }
s++;
}
diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.c
index ad23088d..f8495e3 100644
--- a/crypto/x509/t_x509a.c
+++ b/crypto/x509/t_x509a.c
@@ -69,46 +69,52 @@
char oidstr[80], first;
size_t i;
int j;
- if (!aux)
+ if (!aux) {
return 1;
+ }
if (aux->trust) {
first = 1;
BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
- if (!first)
+ if (!first) {
BIO_puts(out, ", ");
- else
+ } else {
first = 0;
+ }
OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->trust, i),
0);
BIO_puts(out, oidstr);
}
BIO_puts(out, "\n");
- } else
+ } else {
BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+ }
if (aux->reject) {
first = 1;
BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
- if (!first)
+ if (!first) {
BIO_puts(out, ", ");
- else
+ } else {
first = 0;
+ }
OBJ_obj2txt(oidstr, sizeof oidstr, sk_ASN1_OBJECT_value(aux->reject, i),
0);
BIO_puts(out, oidstr);
}
BIO_puts(out, "\n");
- } else
+ } else {
BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+ }
if (aux->alias) {
BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length,
aux->alias->data);
}
if (aux->keyid) {
BIO_printf(out, "%*sKey Id: ", indent, "");
- for (j = 0; j < aux->keyid->length; j++)
+ for (j = 0; j < aux->keyid->length; j++) {
BIO_printf(out, "%s%02X", j ? ":" : "", aux->keyid->data[j]);
+ }
BIO_write(out, "\n", 1);
}
return 1;
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index e8010af..3824a6e 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -84,32 +84,37 @@
int n;
X509_ATTRIBUTE *ex;
- if (sk == NULL)
+ if (sk == NULL) {
return (-1);
+ }
lastpos++;
- if (lastpos < 0)
+ if (lastpos < 0) {
lastpos = 0;
+ }
n = sk_X509_ATTRIBUTE_num(sk);
for (; lastpos < n; lastpos++) {
ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
- if (OBJ_cmp(ex->object, obj) == 0)
+ if (OBJ_cmp(ex->object, obj) == 0) {
return (lastpos);
+ }
}
return (-1);
}
X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) {
- if (x == NULL || loc < 0 || sk_X509_ATTRIBUTE_num(x) <= (size_t)loc)
+ if (x == NULL || loc < 0 || sk_X509_ATTRIBUTE_num(x) <= (size_t)loc) {
return NULL;
- else
+ } else {
return sk_X509_ATTRIBUTE_value(x, loc);
+ }
}
X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) {
X509_ATTRIBUTE *ret;
- if (x == NULL || loc < 0 || sk_X509_ATTRIBUTE_num(x) <= (size_t)loc)
+ if (x == NULL || loc < 0 || sk_X509_ATTRIBUTE_num(x) <= (size_t)loc) {
return (NULL);
+ }
ret = sk_X509_ATTRIBUTE_delete(x, loc);
return (ret);
}
@@ -125,25 +130,32 @@
}
if (*x == NULL) {
- if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+ if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) {
goto err;
- } else
+ }
+ } else {
sk = *x;
+ }
- if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
+ if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) {
goto err2;
- if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
+ }
+ if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) {
goto err;
- if (*x == NULL)
+ }
+ if (*x == NULL) {
*x = sk;
+ }
return (sk);
err:
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
err2:
- if (new_attr != NULL)
+ if (new_attr != NULL) {
X509_ATTRIBUTE_free(new_attr);
- if (sk != NULL)
+ }
+ if (sk != NULL) {
sk_X509_ATTRIBUTE_free(sk);
+ }
return (NULL);
}
@@ -155,8 +167,9 @@
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
- if (!attr)
+ if (!attr) {
return 0;
+ }
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
@@ -169,8 +182,9 @@
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
- if (!attr)
+ if (!attr) {
return 0;
+ }
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
@@ -184,8 +198,9 @@
X509_ATTRIBUTE *attr;
STACK_OF(X509_ATTRIBUTE) *ret;
attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
- if (!attr)
+ if (!attr) {
return 0;
+ }
ret = X509at_add1_attr(x, attr);
X509_ATTRIBUTE_free(attr);
return ret;
@@ -215,20 +230,25 @@
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
return (NULL);
}
- } else
+ } else {
ret = *attr;
+ }
- if (!X509_ATTRIBUTE_set1_object(ret, obj))
+ if (!X509_ATTRIBUTE_set1_object(ret, obj)) {
goto err;
- if (!X509_ATTRIBUTE_set1_data(ret, attrtype, data, len))
+ }
+ if (!X509_ATTRIBUTE_set1_data(ret, attrtype, data, len)) {
goto err;
+ }
- if ((attr != NULL) && (*attr == NULL))
+ if ((attr != NULL) && (*attr == NULL)) {
*attr = ret;
+ }
return (ret);
err:
- if ((attr == NULL) || (ret != *attr))
+ if ((attr == NULL) || (ret != *attr)) {
X509_ATTRIBUTE_free(ret);
+ }
return (NULL);
}
@@ -251,8 +271,9 @@
}
int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) {
- if ((attr == NULL) || (obj == NULL))
+ if ((attr == NULL) || (obj == NULL)) {
return (0);
+ }
ASN1_OBJECT_free(attr->object);
attr->object = OBJ_dup(obj);
return attr->object != NULL;
@@ -263,8 +284,9 @@
ASN1_TYPE *ttmp = NULL;
ASN1_STRING *stmp = NULL;
int atype = 0;
- if (!attr)
+ if (!attr) {
return 0;
+ }
if (attrtype & MBSTRING_FLAG) {
stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
OBJ_obj2nid(attr->object));
@@ -274,10 +296,12 @@
}
atype = stmp->type;
} else if (len != -1) {
- if (!(stmp = ASN1_STRING_type_new(attrtype)))
+ if (!(stmp = ASN1_STRING_type_new(attrtype))) {
goto err;
- if (!ASN1_STRING_set(stmp, data, len))
+ }
+ if (!ASN1_STRING_set(stmp, data, len)) {
goto err;
+ }
atype = attrtype;
}
/*
@@ -289,17 +313,20 @@
ASN1_STRING_free(stmp);
return 1;
}
- if (!(ttmp = ASN1_TYPE_new()))
+ if (!(ttmp = ASN1_TYPE_new())) {
goto err;
+ }
if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
- if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ if (!ASN1_TYPE_set1(ttmp, attrtype, data)) {
goto err;
+ }
} else {
ASN1_TYPE_set(ttmp, atype, stmp);
stmp = NULL;
}
- if (!sk_ASN1_TYPE_push(attr->set, ttmp))
+ if (!sk_ASN1_TYPE_push(attr->set, ttmp)) {
goto err;
+ }
return 1;
err:
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
@@ -313,8 +340,9 @@
}
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) {
- if (attr == NULL)
+ if (attr == NULL) {
return (NULL);
+ }
return (attr->object);
}
@@ -322,8 +350,9 @@
void *unused) {
ASN1_TYPE *ttmp;
ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
- if (!ttmp)
+ if (!ttmp) {
return NULL;
+ }
if (attrtype != ASN1_TYPE_get(ttmp)) {
OPENSSL_PUT_ERROR(X509, X509_R_WRONG_TYPE);
return NULL;
@@ -332,9 +361,11 @@
}
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) {
- if (attr == NULL)
+ if (attr == NULL) {
return NULL;
- if (idx >= X509_ATTRIBUTE_count(attr))
+ }
+ if (idx >= X509_ATTRIBUTE_count(attr)) {
return NULL;
+ }
return sk_ASN1_TYPE_value(attr->set, idx);
}
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 1837082..788a073 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -78,8 +78,9 @@
ai = a->cert_info;
bi = b->cert_info;
i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
- if (i)
+ if (i) {
return (i);
+ }
return (X509_NAME_cmp(ai->issuer, bi->issuer));
}
@@ -161,20 +162,23 @@
if (!a->canon_enc || a->modified) {
ret = i2d_X509_NAME((X509_NAME *)a, NULL);
- if (ret < 0)
+ if (ret < 0) {
return -2;
+ }
}
if (!b->canon_enc || b->modified) {
ret = i2d_X509_NAME((X509_NAME *)b, NULL);
- if (ret < 0)
+ if (ret < 0) {
return -2;
+ }
}
ret = a->canon_enclen - b->canon_enclen;
- if (ret)
+ if (ret) {
return ret;
+ }
return OPENSSL_memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
}
@@ -185,8 +189,9 @@
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL);
- if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL))
+ if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL)) {
return 0;
+ }
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
@@ -210,10 +215,11 @@
/* EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); */
if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
- EVP_DigestFinal_ex(&md_ctx, md, NULL))
+ EVP_DigestFinal_ex(&md_ctx, md, NULL)) {
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
0xffffffffL;
+ }
EVP_MD_CTX_cleanup(&md_ctx);
return (ret);
@@ -226,8 +232,9 @@
X509_CINF cinf;
X509 x, *x509 = NULL;
- if (!sk)
+ if (!sk) {
return NULL;
+ }
x.cert_info = &cinf;
cinf.serialNumber = serial;
@@ -235,8 +242,9 @@
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
- if (X509_issuer_and_serial_cmp(x509, &x) == 0)
+ if (X509_issuer_and_serial_cmp(x509, &x) == 0) {
return (x509);
+ }
}
return (NULL);
}
@@ -247,21 +255,24 @@
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
- if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
+ if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0) {
return (x509);
+ }
}
return (NULL);
}
EVP_PKEY *X509_get_pubkey(X509 *x) {
- if ((x == NULL) || (x->cert_info == NULL))
+ if ((x == NULL) || (x->cert_info == NULL)) {
return (NULL);
+ }
return (X509_PUBKEY_get(x->cert_info->key));
}
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) {
- if (!x)
+ if (!x) {
return NULL;
+ }
return x->cert_info->key->public_key;
}
@@ -271,10 +282,11 @@
xk = X509_get_pubkey(x);
- if (xk)
+ if (xk) {
ret = EVP_PKEY_cmp(xk, k);
- else
+ } else {
ret = -2;
+ }
switch (ret) {
case 1:
@@ -288,10 +300,12 @@
case -2:
OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE);
}
- if (xk)
+ if (xk) {
EVP_PKEY_free(xk);
- if (ret > 0)
+ }
+ if (ret > 0) {
return 1;
+ }
return 0;
}
@@ -304,29 +318,36 @@
static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) {
const EC_GROUP *grp = NULL;
int curve_nid;
- if (pkey && pkey->type == EVP_PKEY_EC)
+ if (pkey && pkey->type == EVP_PKEY_EC) {
grp = EC_KEY_get0_group(pkey->pkey.ec);
- if (!grp)
+ }
+ if (!grp) {
return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
+ }
curve_nid = EC_GROUP_get_curve_name(grp);
/* Check curve is consistent with LOS */
if (curve_nid == NID_secp384r1) { /* P-384 */
/*
* Check signature algorithm is consistent with curve.
*/
- if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384)
+ if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384) {
return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
- if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS))
+ }
+ if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS)) {
return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+ }
/* If we encounter P-384 we cannot use P-256 later */
*pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY;
} else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */
- if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256)
+ if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256) {
return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
- if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY))
+ }
+ if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY)) {
return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
- } else
+ }
+ } else {
return X509_V_ERR_SUITE_B_INVALID_CURVE;
+ }
return X509_V_OK;
}
@@ -337,15 +358,17 @@
size_t i;
EVP_PKEY *pk = NULL;
unsigned long tflags;
- if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+ if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) {
return X509_V_OK;
+ }
tflags = flags;
/* If no EE certificate passed in must be first in chain */
if (x == NULL) {
x = sk_X509_value(chain, 0);
i = 1;
- } else
+ } else {
i = 0;
+ }
if (X509_get_version(x) != X509_VERSION_3) {
rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
@@ -372,37 +395,43 @@
EVP_PKEY_free(pk);
pk = X509_get_pubkey(x);
rv = check_suite_b(pk, sign_nid, &tflags);
- if (rv != X509_V_OK)
+ if (rv != X509_V_OK) {
goto end;
+ }
}
/* Final check: root CA signature */
rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
end:
- if (pk)
+ if (pk) {
EVP_PKEY_free(pk);
+ }
if (rv != X509_V_OK) {
/* Invalid signature or LOS errors are for previous cert */
if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM ||
rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) &&
- i)
+ i) {
i--;
+ }
/*
* If we have LOS error and flags changed then we are signing P-384
* with P-256. Use more meaninggul error.
*/
- if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
+ if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags) {
rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
- if (perror_depth)
+ }
+ if (perror_depth) {
*perror_depth = i;
+ }
}
return rv;
}
int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) {
int sign_nid;
- if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+ if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) {
return X509_V_OK;
+ }
sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
return check_suite_b(pk, sign_nid, &flags);
}
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index e48e5eb..7043123 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -63,13 +63,15 @@
X509_LOOKUP *lookup;
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
- if (lookup == NULL)
+ if (lookup == NULL) {
return (0);
+ }
X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
- if (lookup == NULL)
+ if (lookup == NULL) {
return (0);
+ }
X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
/* clear any errors */
@@ -84,20 +86,25 @@
if (file != NULL) {
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
- if (lookup == NULL)
+ if (lookup == NULL) {
return (0);
- if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+ }
+ if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1) {
return (0);
+ }
}
if (path != NULL) {
lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
- if (lookup == NULL)
+ if (lookup == NULL) {
return (0);
- if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+ }
+ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) {
return (0);
+ }
}
- if ((path == NULL) && (file == NULL))
+ if ((path == NULL) && (file == NULL)) {
return (0);
+ }
return (1);
}
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 796b14b..09661fc 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -70,8 +70,9 @@
X509_LOOKUP *ret;
ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
- if (ret == NULL)
+ if (ret == NULL) {
return NULL;
+ }
ret->init = 0;
ret->skip = 0;
@@ -86,68 +87,81 @@
}
void X509_LOOKUP_free(X509_LOOKUP *ctx) {
- if (ctx == NULL)
+ if (ctx == NULL) {
return;
- if ((ctx->method != NULL) && (ctx->method->free != NULL))
+ }
+ if ((ctx->method != NULL) && (ctx->method->free != NULL)) {
(*ctx->method->free)(ctx);
+ }
OPENSSL_free(ctx);
}
int X509_LOOKUP_init(X509_LOOKUP *ctx) {
- if (ctx->method == NULL)
+ if (ctx->method == NULL) {
return 0;
- if (ctx->method->init != NULL)
+ }
+ if (ctx->method->init != NULL) {
return ctx->method->init(ctx);
- else
+ } else {
return 1;
+ }
}
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) {
- if (ctx->method == NULL)
+ if (ctx->method == NULL) {
return 0;
- if (ctx->method->shutdown != NULL)
+ }
+ if (ctx->method->shutdown != NULL) {
return ctx->method->shutdown(ctx);
- else
+ } else {
return 1;
+ }
}
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
char **ret) {
- if (ctx->method == NULL)
+ if (ctx->method == NULL) {
return -1;
- if (ctx->method->ctrl != NULL)
+ }
+ if (ctx->method->ctrl != NULL) {
return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
- else
+ } else {
return 1;
+ }
}
int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
X509_OBJECT *ret) {
- if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) {
return 0;
- if (ctx->skip)
+ }
+ if (ctx->skip) {
return 0;
+ }
return ctx->method->get_by_subject(ctx, type, name, ret) > 0;
}
int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
ASN1_INTEGER *serial, X509_OBJECT *ret) {
- if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+ if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) {
return 0;
+ }
return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret) > 0;
}
int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, unsigned char *bytes,
int len, X509_OBJECT *ret) {
- if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) {
return 0;
+ }
return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret) > 0;
}
int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
X509_OBJECT *ret) {
- if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) {
return 0;
+ }
return ctx->method->get_by_alias(ctx, type, str, len, ret) > 0;
}
@@ -155,8 +169,9 @@
int ret;
ret = ((*a)->type - (*b)->type);
- if (ret)
+ if (ret) {
return ret;
+ }
switch ((*a)->type) {
case X509_LU_X509:
ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
@@ -174,32 +189,39 @@
X509_STORE *X509_STORE_new(void) {
X509_STORE *ret;
- if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+ if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) {
return NULL;
+ }
OPENSSL_memset(ret, 0, sizeof(*ret));
CRYPTO_MUTEX_init(&ret->objs_lock);
ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
- if (ret->objs == NULL)
+ if (ret->objs == NULL) {
goto err;
+ }
ret->cache = 1;
ret->get_cert_methods = sk_X509_LOOKUP_new_null();
- if (ret->get_cert_methods == NULL)
+ if (ret->get_cert_methods == NULL) {
goto err;
+ }
ret->param = X509_VERIFY_PARAM_new();
- if (ret->param == NULL)
+ if (ret->param == NULL) {
goto err;
+ }
ret->references = 1;
return ret;
err:
if (ret) {
CRYPTO_MUTEX_cleanup(&ret->objs_lock);
- if (ret->param)
+ if (ret->param) {
X509_VERIFY_PARAM_free(ret->param);
- if (ret->get_cert_methods)
+ }
+ if (ret->get_cert_methods) {
sk_X509_LOOKUP_free(ret->get_cert_methods);
- if (ret->objs)
+ }
+ if (ret->objs) {
sk_X509_OBJECT_free(ret->objs);
+ }
OPENSSL_free(ret);
}
return NULL;
@@ -230,8 +252,9 @@
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
- if (vfy == NULL)
+ if (vfy == NULL) {
return;
+ }
if (!CRYPTO_refcount_dec_and_test_zero(&vfy->references)) {
return;
@@ -248,8 +271,9 @@
sk_X509_LOOKUP_free(sk);
sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
- if (vfy->param)
+ if (vfy->param) {
X509_VERIFY_PARAM_free(vfy->param);
+ }
OPENSSL_free(vfy);
}
@@ -267,13 +291,13 @@
}
/* a new one */
lu = X509_LOOKUP_new(m);
- if (lu == NULL)
+ if (lu == NULL) {
return NULL;
- else {
+ } else {
lu->store_ctx = v;
- if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+ if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) {
return lu;
- else {
+ } else {
X509_LOOKUP_free(lu);
return NULL;
}
@@ -299,8 +323,9 @@
break;
}
}
- if (tmp == NULL)
+ if (tmp == NULL) {
return 0;
+ }
}
/*
@@ -421,8 +446,9 @@
size_t idx;
sk_X509_OBJECT_sort(h);
- if (!sk_X509_OBJECT_find(h, &idx, &stmp))
+ if (!sk_X509_OBJECT_find(h, &idx, &stmp)) {
return -1;
+ }
if (pnmatch != NULL) {
int tidx;
@@ -431,8 +457,9 @@
pstmp = &stmp;
for (tidx = idx + 1; tidx < (int)sk_X509_OBJECT_num(h); tidx++) {
tobj = sk_X509_OBJECT_value(h, tidx);
- if (x509_object_cmp(&tobj, &pstmp))
+ if (x509_object_cmp(&tobj, &pstmp)) {
break;
+ }
(*pnmatch)++;
}
}
@@ -449,8 +476,9 @@
X509_NAME *name) {
int idx;
idx = X509_OBJECT_idx_by_subject(h, type, name);
- if (idx == -1)
+ if (idx == -1) {
return NULL;
+ }
return sk_X509_OBJECT_value(h, idx);
}
@@ -464,8 +492,9 @@
X509 *x;
X509_OBJECT *obj;
sk = sk_X509_new_null();
- if (sk == NULL)
+ if (sk == NULL) {
return NULL;
+ }
CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
if (idx < 0) {
@@ -508,8 +537,9 @@
X509_CRL *x;
X509_OBJECT *obj, xobj;
sk = sk_X509_CRL_new_null();
- if (sk == NULL)
+ if (sk == NULL) {
return NULL;
+ }
/* Always do lookup to possibly add new CRLs to cache. */
if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) {
@@ -549,20 +579,25 @@
if (!sk_X509_OBJECT_find(h, &idx, x)) {
return NULL;
}
- if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+ if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) {
return sk_X509_OBJECT_value(h, idx);
+ }
for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
obj = sk_X509_OBJECT_value(h, i);
- if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) {
return NULL;
+ }
if (x->type == X509_LU_X509) {
- if (!X509_cmp(obj->data.x509, x->data.x509))
+ if (!X509_cmp(obj->data.x509, x->data.x509)) {
return obj;
+ }
} else if (x->type == X509_LU_CRL) {
- if (!X509_CRL_match(obj->data.crl, x->data.crl))
+ if (!X509_CRL_match(obj->data.crl, x->data.crl)) {
return obj;
- } else
+ }
+ } else {
return obj;
+ }
}
return NULL;
}
@@ -580,8 +615,9 @@
int idx, ret;
size_t i;
xn = X509_get_issuer_name(x);
- if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj))
+ if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj)) {
return 0;
+ }
/* If certificate matches all OK */
if (ctx->check_issued(ctx, x, obj.data.x509)) {
*issuer = obj.data.x509;
@@ -599,10 +635,12 @@
for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
/* See if we've run past the matches */
- if (pobj->type != X509_LU_X509)
+ if (pobj->type != X509_LU_X509) {
break;
- if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+ }
+ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) {
break;
+ }
if (ctx->check_issued(ctx, x, pobj->data.x509)) {
*issuer = pobj->data.x509;
X509_OBJECT_up_ref_count(pobj);
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 2da7e5e..65463fa 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -87,10 +87,12 @@
char tmp_buf[80];
if (buf == NULL) {
- if ((b = BUF_MEM_new()) == NULL)
+ if ((b = BUF_MEM_new()) == NULL) {
goto err;
- if (!BUF_MEM_grow(b, 200))
+ }
+ if (!BUF_MEM_grow(b, 200)) {
goto err;
+ }
b->data[0] = '\0';
len = 200;
} else if (len <= 0) {
@@ -126,25 +128,30 @@
if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
- for (j = 0; j < num; j++)
- if (q[j] != 0)
+ for (j = 0; j < num; j++) {
+ if (q[j] != 0) {
gs_doit[j & 3] = 1;
+ }
+ }
- if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+ if (gs_doit[0] | gs_doit[1] | gs_doit[2]) {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
- else {
+ } else {
gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
gs_doit[3] = 1;
}
- } else
+ } else {
gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+ }
for (l2 = j = 0; j < num; j++) {
- if (!gs_doit[j & 3])
+ if (!gs_doit[j & 3]) {
continue;
+ }
l2++;
- if ((q[j] < ' ') || (q[j] > '~'))
+ if ((q[j] < ' ') || (q[j] > '~')) {
l2 += 3;
+ }
}
lold = l;
@@ -154,13 +161,15 @@
goto end;
}
if (b != NULL) {
- if (!BUF_MEM_grow(b, l + 1))
+ if (!BUF_MEM_grow(b, l + 1)) {
goto err;
+ }
p = &(b->data[lold]);
} else if (l > len) {
break;
- } else
+ } else {
p = &(buf[lold]);
+ }
*(p++) = '/';
OPENSSL_memcpy(p, s, (unsigned int)l1);
p += l1;
@@ -169,26 +178,30 @@
q = ne->value->data;
for (j = 0; j < num; j++) {
- if (!gs_doit[j & 3])
+ if (!gs_doit[j & 3]) {
continue;
+ }
n = q[j];
if ((n < ' ') || (n > '~')) {
*(p++) = '\\';
*(p++) = 'x';
*(p++) = hex[(n >> 4) & 0x0f];
*(p++) = hex[n & 0x0f];
- } else
+ } else {
*(p++) = n;
+ }
}
*p = '\0';
}
if (b != NULL) {
p = b->data;
OPENSSL_free(b);
- } else
+ } else {
p = buf;
- if (i == 0)
+ }
+ if (i == 0) {
*p = '\0';
+ }
return (p);
err:
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 049c182..778d573 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -77,8 +77,9 @@
}
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) {
- if ((req == NULL) || (req->req_info == NULL))
+ if ((req == NULL) || (req->req_info == NULL)) {
return (NULL);
+ }
return (X509_PUBKEY_get(req->req_info->pubkey));
}
@@ -190,8 +191,9 @@
}
int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) {
- if (X509at_add1_attr(&req->req_info->attributes, attr))
+ if (X509at_add1_attr(&req->req_info->attributes, attr)) {
return 1;
+ }
return 0;
}
@@ -199,33 +201,38 @@
int attrtype, const unsigned char *data,
int len) {
if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, attrtype, data,
- len))
+ len)) {
return 1;
+ }
return 0;
}
int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int attrtype,
const unsigned char *data, int len) {
if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, attrtype, data,
- len))
+ len)) {
return 1;
+ }
return 0;
}
int X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int attrtype,
const unsigned char *data, int len) {
if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, attrtype,
- data, len))
+ data, len)) {
return 1;
+ }
return 0;
}
void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg) {
- if (psig != NULL)
+ if (psig != NULL) {
*psig = req->signature;
- if (palg != NULL)
+ }
+ if (palg != NULL) {
*palg = req->sig_alg;
+ }
}
int X509_REQ_get_signature_nid(const X509_REQ *req) {
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 413eaee..99fbdc3 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -100,8 +100,9 @@
int X509_set_serialNumber(X509 *x, const ASN1_INTEGER *serial) {
ASN1_INTEGER *in;
- if (x == NULL)
+ if (x == NULL) {
return (0);
+ }
in = x->cert_info->serialNumber;
if (in != serial) {
in = ASN1_INTEGER_dup(serial);
@@ -114,22 +115,25 @@
}
int X509_set_issuer_name(X509 *x, X509_NAME *name) {
- if ((x == NULL) || (x->cert_info == NULL))
+ if ((x == NULL) || (x->cert_info == NULL)) {
return (0);
+ }
return (X509_NAME_set(&x->cert_info->issuer, name));
}
int X509_set_subject_name(X509 *x, X509_NAME *name) {
- if ((x == NULL) || (x->cert_info == NULL))
+ if ((x == NULL) || (x->cert_info == NULL)) {
return (0);
+ }
return (X509_NAME_set(&x->cert_info->subject, name));
}
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) {
ASN1_TIME *in;
- if ((x == NULL) || (x->cert_info->validity == NULL))
+ if ((x == NULL) || (x->cert_info->validity == NULL)) {
return (0);
+ }
in = x->cert_info->validity->notBefore;
if (in != tm) {
in = ASN1_STRING_dup(tm);
@@ -166,8 +170,9 @@
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) {
ASN1_TIME *in;
- if ((x == NULL) || (x->cert_info->validity == NULL))
+ if ((x == NULL) || (x->cert_info->validity == NULL)) {
return (0);
+ }
in = x->cert_info->validity->notAfter;
if (in != tm) {
in = ASN1_STRING_dup(tm);
@@ -212,8 +217,9 @@
}
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) {
- if ((x == NULL) || (x->cert_info == NULL))
+ if ((x == NULL) || (x->cert_info == NULL)) {
return (0);
+ }
return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
}
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 2a57585..9436b2f 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -106,34 +106,40 @@
int X509_check_trust(X509 *x, int id, int flags) {
X509_TRUST *pt;
int idx;
- if (id == -1)
+ if (id == -1) {
return 1;
+ }
/* We get this as a default value */
if (id == 0) {
int rv;
rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
- if (rv != X509_TRUST_UNTRUSTED)
+ if (rv != X509_TRUST_UNTRUSTED) {
return rv;
+ }
return trust_compat(NULL, x, 0);
}
idx = X509_TRUST_get_by_id(id);
- if (idx == -1)
+ if (idx == -1) {
return obj_trust(id, x, flags);
+ }
pt = X509_TRUST_get0(idx);
return pt->check_trust(pt, x, flags);
}
int X509_TRUST_get_count(void) {
- if (!trtable)
+ if (!trtable) {
return X509_TRUST_COUNT;
+ }
return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
}
X509_TRUST *X509_TRUST_get0(int idx) {
- if (idx < 0)
+ if (idx < 0) {
return NULL;
- if (idx < (int)X509_TRUST_COUNT)
+ }
+ if (idx < (int)X509_TRUST_COUNT) {
return trstandard + idx;
+ }
return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
}
@@ -141,11 +147,13 @@
X509_TRUST tmp;
size_t idx;
- if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+ if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) {
return id - X509_TRUST_MIN;
+ }
tmp.trust = id;
- if (!trtable)
+ if (!trtable) {
return -1;
+ }
sk_X509_TRUST_sort(trtable);
if (!sk_X509_TRUST_find(trtable, &idx, &tmp)) {
return -1;
@@ -183,21 +191,24 @@
return 0;
}
trtmp->flags = X509_TRUST_DYNAMIC;
- } else
+ } else {
trtmp = X509_TRUST_get0(idx);
+ }
/* Duplicate the supplied name. */
name_dup = OPENSSL_strdup(name);
if (name_dup == NULL) {
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
- if (idx == -1)
+ if (idx == -1) {
OPENSSL_free(trtmp);
+ }
return 0;
}
/* OPENSSL_free existing name if dynamic */
- if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
+ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) {
OPENSSL_free(trtmp->name);
+ }
trtmp->name = name_dup;
/* Keep the dynamic flag of existing entry */
trtmp->flags &= X509_TRUST_DYNAMIC;
@@ -226,19 +237,22 @@
}
static void trtable_free(X509_TRUST *p) {
- if (!p)
+ if (!p) {
return;
+ }
if (p->flags & X509_TRUST_DYNAMIC) {
- if (p->flags & X509_TRUST_DYNAMIC_NAME)
+ if (p->flags & X509_TRUST_DYNAMIC_NAME) {
OPENSSL_free(p->name);
+ }
OPENSSL_free(p);
}
}
void X509_TRUST_cleanup(void) {
unsigned int i;
- for (i = 0; i < X509_TRUST_COUNT; i++)
+ for (i = 0; i < X509_TRUST_COUNT; i++) {
trtable_free(trstandard + i);
+ }
sk_X509_TRUST_pop_free(trtable, trtable_free);
trtable = NULL;
}
@@ -250,8 +264,9 @@
int X509_TRUST_get_trust(const X509_TRUST *xp) { return xp->trust; }
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) {
- if (x->aux && (x->aux->trust || x->aux->reject))
+ if (x->aux && (x->aux->trust || x->aux->reject)) {
return obj_trust(trust->arg1, x, flags);
+ }
/*
* we don't have any trust settings: for compatibility we return trusted
* if it is self signed
@@ -260,18 +275,21 @@
}
static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) {
- if (x->aux)
+ if (x->aux) {
return obj_trust(trust->arg1, x, flags);
+ }
return X509_TRUST_UNTRUSTED;
}
static int trust_compat(X509_TRUST *trust, X509 *x, int flags) {
- if (!x509v3_cache_extensions(x))
+ if (!x509v3_cache_extensions(x)) {
return X509_TRUST_UNTRUSTED;
- if (x->ex_flags & EXFLAG_SS)
+ }
+ if (x->ex_flags & EXFLAG_SS) {
return X509_TRUST_TRUSTED;
- else
+ } else {
return X509_TRUST_UNTRUSTED;
+ }
}
static int obj_trust(int id, X509 *x, int flags) {
@@ -279,20 +297,23 @@
size_t i;
X509_CERT_AUX *ax;
ax = x->aux;
- if (!ax)
+ if (!ax) {
return X509_TRUST_UNTRUSTED;
+ }
if (ax->reject) {
for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
obj = sk_ASN1_OBJECT_value(ax->reject, i);
- if (OBJ_obj2nid(obj) == id)
+ if (OBJ_obj2nid(obj) == id) {
return X509_TRUST_REJECTED;
+ }
}
}
if (ax->trust) {
for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
obj = sk_ASN1_OBJECT_value(ax->trust, i);
- if (OBJ_obj2nid(obj) == id)
+ if (OBJ_obj2nid(obj) == id) {
return X509_TRUST_TRUSTED;
+ }
}
}
return X509_TRUST_UNTRUSTED;
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 4fa7dbb..e26d1ab 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -66,8 +66,9 @@
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) {
- if (x == NULL)
+ if (x == NULL) {
return (0);
+ }
return (sk_X509_EXTENSION_num(x));
}
@@ -85,16 +86,19 @@
int n;
X509_EXTENSION *ex;
- if (sk == NULL)
+ if (sk == NULL) {
return (-1);
+ }
lastpos++;
- if (lastpos < 0)
+ if (lastpos < 0) {
lastpos = 0;
+ }
n = sk_X509_EXTENSION_num(sk);
for (; lastpos < n; lastpos++) {
ex = sk_X509_EXTENSION_value(sk, lastpos);
- if (OBJ_cmp(ex->object, obj) == 0)
+ if (OBJ_cmp(ex->object, obj) == 0) {
return (lastpos);
+ }
}
return (-1);
}
@@ -122,17 +126,19 @@
}
X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) {
- if (x == NULL || loc < 0 || sk_X509_EXTENSION_num(x) <= (size_t)loc)
+ if (x == NULL || loc < 0 || sk_X509_EXTENSION_num(x) <= (size_t)loc) {
return NULL;
- else
+ } else {
return sk_X509_EXTENSION_value(x, loc);
+ }
}
X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) {
X509_EXTENSION *ret;
- if (x == NULL || loc < 0 || sk_X509_EXTENSION_num(x) <= (size_t)loc)
+ if (x == NULL || loc < 0 || sk_X509_EXTENSION_num(x) <= (size_t)loc) {
return (NULL);
+ }
ret = sk_X509_EXTENSION_delete(x, loc);
return (ret);
}
@@ -149,23 +155,29 @@
}
if (*x == NULL) {
- if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+ if ((sk = sk_X509_EXTENSION_new_null()) == NULL) {
goto err;
- } else
+ }
+ } else {
sk = *x;
+ }
n = sk_X509_EXTENSION_num(sk);
- if (loc > n)
+ if (loc > n) {
loc = n;
- else if (loc < 0)
+ } else if (loc < 0) {
loc = n;
+ }
- if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+ if ((new_ex = X509_EXTENSION_dup(ex)) == NULL) {
goto err2;
- if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+ }
+ if (!sk_X509_EXTENSION_insert(sk, new_ex, loc)) {
goto err;
- if (*x == NULL)
+ }
+ if (*x == NULL) {
*x = sk;
+ }
return (sk);
err:
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
@@ -200,36 +212,44 @@
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
return (NULL);
}
- } else
+ } else {
ret = *ex;
+ }
- if (!X509_EXTENSION_set_object(ret, obj))
+ if (!X509_EXTENSION_set_object(ret, obj)) {
goto err;
- if (!X509_EXTENSION_set_critical(ret, crit))
+ }
+ if (!X509_EXTENSION_set_critical(ret, crit)) {
goto err;
- if (!X509_EXTENSION_set_data(ret, data))
+ }
+ if (!X509_EXTENSION_set_data(ret, data)) {
goto err;
+ }
- if ((ex != NULL) && (*ex == NULL))
+ if ((ex != NULL) && (*ex == NULL)) {
*ex = ret;
+ }
return (ret);
err:
- if ((ex == NULL) || (ret != *ex))
+ if ((ex == NULL) || (ret != *ex)) {
X509_EXTENSION_free(ret);
+ }
return (NULL);
}
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) {
- if ((ex == NULL) || (obj == NULL))
+ if ((ex == NULL) || (obj == NULL)) {
return (0);
+ }
ASN1_OBJECT_free(ex->object);
ex->object = OBJ_dup(obj);
return ex->object != NULL;
}
int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) {
- if (ex == NULL)
+ if (ex == NULL) {
return (0);
+ }
ex->critical = (crit) ? 0xFF : -1;
return (1);
}
@@ -237,30 +257,36 @@
int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data) {
int i;
- if (ex == NULL)
+ if (ex == NULL) {
return (0);
+ }
i = ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
- if (!i)
+ if (!i) {
return (0);
+ }
return (1);
}
ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) {
- if (ex == NULL)
+ if (ex == NULL) {
return (NULL);
+ }
return (ex->object);
}
ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) {
- if (ex == NULL)
+ if (ex == NULL) {
return (NULL);
+ }
return (ex->value);
}
int X509_EXTENSION_get_critical(const X509_EXTENSION *ex) {
- if (ex == NULL)
+ if (ex == NULL) {
return (0);
- if (ex->critical > 0)
+ }
+ if (ex->critical > 0) {
return 1;
+ }
return 0;
}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 26080bb..bbbecc6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -161,18 +161,21 @@
size_t i;
/* Lookup all certs with matching subject name */
certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
- if (certs == NULL)
+ if (certs == NULL) {
return NULL;
+ }
/* Look for exact match */
for (i = 0; i < sk_X509_num(certs); i++) {
xtmp = sk_X509_value(certs, i);
- if (!X509_cmp(xtmp, x))
+ if (!X509_cmp(xtmp, x)) {
break;
+ }
}
- if (i < sk_X509_num(certs))
+ if (i < sk_X509_num(certs)) {
X509_up_ref(xtmp);
- else
+ } else {
xtmp = NULL;
+ }
sk_X509_pop_free(certs, X509_free);
return xtmp;
}
@@ -226,11 +229,12 @@
for (;;) {
/* If we have enough, we break */
- if (depth < num)
+ if (depth < num) {
break; /* FIXME: If this happens, we should take
* note of it and, if appropriate, use the
* X509_V_ERR_CERT_CHAIN_TOO_LONG error code
* later. */
+ }
int is_self_signed;
if (!cert_self_signed(x, &is_self_signed)) {
@@ -239,8 +243,9 @@
}
/* If we are self signed, we break */
- if (is_self_signed)
+ if (is_self_signed) {
break;
+ }
/*
* If asked see if we can find issuer in trusted store first
*/
@@ -318,12 +323,14 @@
ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
ctx->current_cert = x;
ctx->error_depth = i - 1;
- if (ok == 1)
+ if (ok == 1) {
X509_free(xtmp);
+ }
bad_chain = 1;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
} else {
/*
* We have a match: replace certificate with store
@@ -348,23 +355,26 @@
/* We now lookup certs from the certificate store */
for (;;) {
/* If we have enough, we break */
- if (depth < num)
+ if (depth < num) {
break;
+ }
if (!cert_self_signed(x, &is_self_signed)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
goto end;
}
/* If we are self signed, we break */
- if (is_self_signed)
+ if (is_self_signed) {
break;
+ }
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0) {
ctx->error = X509_V_ERR_STORE_LOOKUP;
goto end;
}
- if (ok == 0)
+ if (ok == 0) {
break;
+ }
x = xtmp;
if (!sk_X509_push(ctx->chain, x)) {
X509_free(xtmp);
@@ -397,8 +407,9 @@
while (j-- > 1) {
xtmp2 = sk_X509_value(ctx->chain, j - 1);
ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
- if (ok < 0)
+ if (ok < 0) {
goto end;
+ }
/* Check if we found an alternate chain */
if (ok > 0) {
/*
@@ -430,10 +441,11 @@
*/
if (trust != X509_TRUST_TRUSTED && !bad_chain) {
if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
- if (ctx->last_untrusted >= num)
+ if (ctx->last_untrusted >= num) {
ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
- else
+ } else {
ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+ }
ctx->current_cert = x;
} else {
sk_X509_push(ctx->chain, chain_ss);
@@ -447,20 +459,23 @@
ctx->error_depth = num - 1;
bad_chain = 1;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
/* We have the chain complete: now we need to check its purpose */
ok = check_chain_extensions(ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
ok = check_id(ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
/*
* Check revocation status: we do this after copying parameters because
@@ -468,8 +483,9 @@
*/
ok = ctx->check_revocation(ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
ctx->param->flags);
@@ -477,37 +493,45 @@
ctx->error = err;
ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
/* At this point, we have a chain and need to verify it */
- if (ctx->verify != NULL)
+ if (ctx->verify != NULL) {
ok = ctx->verify(ctx);
- else
+ } else {
ok = internal_verify(ctx);
- if (!ok)
+ }
+ if (!ok) {
goto end;
+ }
/* Check name constraints */
ok = check_name_constraints(ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
/* If we get this far evaluate policies */
- if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) {
ok = ctx->check_policy(ctx);
+ }
end:
- if (sktmp != NULL)
+ if (sktmp != NULL) {
sk_X509_free(sktmp);
- if (chain_ss != NULL)
+ }
+ if (chain_ss != NULL) {
X509_free(chain_ss);
+ }
/* Safety net, error returns must set ctx->error */
- if (ok <= 0 && ctx->error == X509_V_OK)
+ if (ok <= 0 && ctx->error == X509_V_OK) {
ctx->error = X509_V_ERR_UNSPECIFIED;
+ }
return ok;
}
@@ -520,8 +544,9 @@
X509 *issuer;
for (i = 0; i < sk_X509_num(sk); i++) {
issuer = sk_X509_value(sk, i);
- if (ctx->check_issued(ctx, x, issuer))
+ if (ctx->check_issued(ctx, x, issuer)) {
return issuer;
+ }
}
return NULL;
}
@@ -531,11 +556,13 @@
static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) {
int ret;
ret = X509_check_issued(issuer, x);
- if (ret == X509_V_OK)
+ if (ret == X509_V_OK) {
return 1;
+ }
/* If we haven't asked for issuer errors don't set ctx */
- if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) {
return 0;
+ }
ctx->error = ret;
ctx->current_cert = x;
@@ -550,8 +577,9 @@
if (*issuer) {
X509_up_ref(*issuer);
return 1;
- } else
+ } else {
return 0;
+ }
}
/*
@@ -595,16 +623,18 @@
ctx->error_depth = i;
ctx->current_cert = x;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
ctx->error_depth = i;
ctx->current_cert = x;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
switch (ca_requirement) {
@@ -615,15 +645,17 @@
if (X509_check_ca(x)) {
ret = 0;
ctx->error = X509_V_ERR_INVALID_NON_CA;
- } else
+ } else {
ret = 1;
+ }
break;
case must_be_ca:
if (!X509_check_ca(x)) {
ret = 0;
ctx->error = X509_V_ERR_INVALID_CA;
- } else
+ } else {
ret = 1;
+ }
break;
default:
// impossible.
@@ -634,8 +666,9 @@
ctx->error_depth = i;
ctx->current_cert = x;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
if (ctx->param->purpose > 0) {
ret = X509_check_purpose(x, purpose, ca_requirement == must_be_ca);
@@ -645,8 +678,9 @@
ctx->error_depth = i;
ctx->current_cert = x;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
}
/* Check pathlen if not self issued */
@@ -656,12 +690,14 @@
ctx->error_depth = i;
ctx->current_cert = x;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
/* Increment path length if not self issued */
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(x->ex_flags & EXFLAG_SI)) {
plen++;
+ }
/*
* If this certificate is a proxy certificate, the next certificate
* must be another proxy certificate or a EE certificate. If not,
@@ -673,8 +709,9 @@
ctx->error_depth = i;
ctx->current_cert = x;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
}
proxy_path_length++;
ca_requirement = must_not_be_ca;
@@ -720,8 +757,9 @@
for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
X509 *x = sk_X509_value(ctx->chain, i);
/* Ignore self issued certs unless last in chain */
- if (i && (x->ex_flags & EXFLAG_SI))
+ if (i && (x->ex_flags & EXFLAG_SI)) {
continue;
+ }
/*
* Check against constraints for all certificates higher in chain
* including trust anchor. Trust anchor not strictly speaking needed
@@ -743,8 +781,9 @@
ctx->error = rv;
ctx->error_depth = i;
ctx->current_cert = x;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
break;
}
}
@@ -774,8 +813,9 @@
ctx->error = rv;
ctx->error_depth = i;
ctx->current_cert = leaf;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
break;
}
}
@@ -802,8 +842,9 @@
for (i = 0; i < n; ++i) {
name = sk_OPENSSL_STRING_value(param->hosts, i);
if (X509_check_host(x, name, strlen(name), param->hostflags,
- ¶m->peername) > 0)
+ ¶m->peername) > 0) {
return 1;
+ }
}
return n == 0;
}
@@ -812,20 +853,24 @@
X509_VERIFY_PARAM *vpm = ctx->param;
X509 *x = ctx->cert;
if (vpm->poison) {
- if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
+ if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL)) {
return 0;
+ }
}
if (vpm->hosts && check_hosts(x, vpm) <= 0) {
- if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
+ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) {
return 0;
+ }
}
if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
- if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
+ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) {
return 0;
+ }
}
if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
- if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
+ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) {
return 0;
+ }
}
return 1;
}
@@ -839,8 +884,9 @@
x = sk_X509_value(ctx->chain, i);
ok = X509_check_trust(x, ctx->param->trust, 0);
/* If explicitly trusted return trusted */
- if (ok == X509_TRUST_TRUSTED)
+ if (ok == X509_TRUST_TRUSTED) {
return X509_TRUST_TRUSTED;
+ }
/*
* If explicitly rejected notify callback and reject if not
* overridden.
@@ -850,8 +896,9 @@
ctx->current_cert = x;
ctx->error = X509_V_ERR_CERT_REJECTED;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
return X509_TRUST_REJECTED;
+ }
}
}
/*
@@ -860,8 +907,9 @@
*/
if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
X509 *mx;
- if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
+ if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) {
return X509_TRUST_TRUSTED;
+ }
x = sk_X509_value(ctx->chain, 0);
mx = lookup_cert_match(ctx, x);
if (mx) {
@@ -881,21 +929,24 @@
static int check_revocation(X509_STORE_CTX *ctx) {
int i, last, ok;
- if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) {
return 1;
- if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+ }
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) {
last = sk_X509_num(ctx->chain) - 1;
- else {
+ } else {
/* If checking CRL paths this isn't the EE certificate */
- if (ctx->parent)
+ if (ctx->parent) {
return 1;
+ }
last = 0;
}
for (i = 0; i <= last; i++) {
ctx->error_depth = i;
ok = check_cert(ctx);
- if (!ok)
+ if (!ok) {
return ok;
+ }
}
return 1;
}
@@ -914,10 +965,11 @@
while (ctx->current_reasons != CRLDP_ALL_REASONS) {
last_reasons = ctx->current_reasons;
/* Try to retrieve relevant CRL */
- if (ctx->get_crl)
+ if (ctx->get_crl) {
ok = ctx->get_crl(ctx, &crl, x);
- else
+ } else {
ok = get_crl_delta(ctx, &crl, &dcrl, x);
+ }
/*
* If error looking up CRL, nothing we can do except notify callback
*/
@@ -928,24 +980,29 @@
}
ctx->current_crl = crl;
ok = ctx->check_crl(ctx, crl);
- if (!ok)
+ if (!ok) {
goto err;
+ }
if (dcrl) {
ok = ctx->check_crl(ctx, dcrl);
- if (!ok)
+ if (!ok) {
goto err;
+ }
ok = ctx->cert_crl(ctx, dcrl, x);
- if (!ok)
+ if (!ok) {
goto err;
- } else
+ }
+ } else {
ok = 1;
+ }
/* Don't look in full CRL if delta reason is removefromCRL */
if (ok != 2) {
ok = ctx->cert_crl(ctx, crl, x);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
X509_CRL_free(crl);
@@ -975,52 +1032,63 @@
static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) {
time_t *ptime;
int i;
- if (notify)
+ if (notify) {
ctx->current_crl = crl;
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+ }
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
ptime = &ctx->param->check_time;
- else
+ } else {
ptime = NULL;
+ }
i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
if (i == 0) {
- if (!notify)
+ if (!notify) {
return 0;
+ }
ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
if (i > 0) {
- if (!notify)
+ if (!notify) {
return 0;
+ }
ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
if (X509_CRL_get0_nextUpdate(crl)) {
i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
if (i == 0) {
- if (!notify)
+ if (!notify) {
return 0;
+ }
ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
/* Ignore expiry of base CRL is delta is valid */
if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
- if (!notify)
+ if (!notify) {
return 0;
+ }
ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
}
- if (notify)
+ if (notify) {
ctx->current_crl = NULL;
+ }
return 1;
}
@@ -1039,20 +1107,23 @@
crl = sk_X509_CRL_value(crls, i);
reasons = *preasons;
crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
- if (crl_score < best_score || crl_score == 0)
+ if (crl_score < best_score || crl_score == 0) {
continue;
+ }
/* If current CRL is equivalent use it if it is newer */
if (crl_score == best_score && best_crl != NULL) {
int day, sec;
if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
- X509_CRL_get0_lastUpdate(crl)) == 0)
+ X509_CRL_get0_lastUpdate(crl)) == 0) {
continue;
+ }
/*
* ASN1_TIME_diff never returns inconsistent signs for |day|
* and |sec|.
*/
- if (day <= 0 && sec <= 0)
+ if (day <= 0 && sec <= 0) {
continue;
+ }
}
best_crl = crl;
best_crl_issuer = crl_issuer;
@@ -1061,8 +1132,9 @@
}
if (best_crl) {
- if (*pcrl)
+ if (*pcrl) {
X509_CRL_free(*pcrl);
+ }
*pcrl = best_crl;
*pissuer = best_crl_issuer;
*pscore = best_score;
@@ -1075,8 +1147,9 @@
get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
}
- if (best_score >= CRL_SCORE_VALID)
+ if (best_score >= CRL_SCORE_VALID) {
return 1;
+ }
return 0;
}
@@ -1092,29 +1165,36 @@
i = X509_CRL_get_ext_by_NID(a, nid, -1);
if (i >= 0) {
/* Can't have multiple occurrences */
- if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) {
return 0;
+ }
exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
- } else
+ } else {
exta = NULL;
+ }
i = X509_CRL_get_ext_by_NID(b, nid, -1);
if (i >= 0) {
- if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) {
return 0;
+ }
extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
- } else
+ } else {
extb = NULL;
+ }
- if (!exta && !extb)
+ if (!exta && !extb) {
return 1;
+ }
- if (!exta || !extb)
+ if (!exta || !extb) {
return 0;
+ }
- if (ASN1_OCTET_STRING_cmp(exta, extb))
+ if (ASN1_OCTET_STRING_cmp(exta, extb)) {
return 0;
+ }
return 1;
}
@@ -1123,25 +1203,32 @@
static int check_delta_base(X509_CRL *delta, X509_CRL *base) {
/* Delta CRL must be a delta */
- if (!delta->base_crl_number)
+ if (!delta->base_crl_number) {
return 0;
+ }
/* Base must have a CRL number */
- if (!base->crl_number)
+ if (!base->crl_number) {
return 0;
+ }
/* Issuer names must match */
- if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) {
return 0;
+ }
/* AKID and IDP must match */
- if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+ if (!crl_extension_match(delta, base, NID_authority_key_identifier)) {
return 0;
- if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+ }
+ if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) {
return 0;
+ }
/* Delta CRL base number must not exceed Full CRL number. */
- if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) {
return 0;
+ }
/* Delta CRL number must exceed full CRL number */
- if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) {
return 1;
+ }
return 0;
}
@@ -1154,15 +1241,18 @@
X509_CRL *base, STACK_OF(X509_CRL) *crls) {
X509_CRL *delta;
size_t i;
- if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) {
return;
- if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+ }
+ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) {
return;
+ }
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
delta = sk_X509_CRL_value(crls, i);
if (check_delta_base(delta, base)) {
- if (check_crl_time(ctx, delta, 0))
+ if (check_crl_time(ctx, delta, 0)) {
*pscore |= CRL_SCORE_TIME_DELTA;
+ }
X509_CRL_up_ref(delta);
*dcrl = delta;
return;
@@ -1187,48 +1277,58 @@
/* First see if we can reject CRL straight away */
/* Invalid IDP cannot be processed */
- if (crl->idp_flags & IDP_INVALID)
+ if (crl->idp_flags & IDP_INVALID) {
return 0;
+ }
/* Reason codes or indirect CRLs need extended CRL support */
if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
- if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) {
return 0;
+ }
} else if (crl->idp_flags & IDP_REASONS) {
/* If no new reasons reject */
- if (!(crl->idp_reasons & ~tmp_reasons))
+ if (!(crl->idp_reasons & ~tmp_reasons)) {
return 0;
+ }
}
/* Don't process deltas at this stage */
- else if (crl->base_crl_number)
+ else if (crl->base_crl_number) {
return 0;
+ }
/* If issuer name doesn't match certificate need indirect CRL */
if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
- if (!(crl->idp_flags & IDP_INDIRECT))
+ if (!(crl->idp_flags & IDP_INDIRECT)) {
return 0;
- } else
+ }
+ } else {
crl_score |= CRL_SCORE_ISSUER_NAME;
+ }
- if (!(crl->flags & EXFLAG_CRITICAL))
+ if (!(crl->flags & EXFLAG_CRITICAL)) {
crl_score |= CRL_SCORE_NOCRITICAL;
+ }
/* Check expiry */
- if (check_crl_time(ctx, crl, 0))
+ if (check_crl_time(ctx, crl, 0)) {
crl_score |= CRL_SCORE_TIME;
+ }
/* Check authority key ID and locate certificate issuer */
crl_akid_check(ctx, crl, pissuer, &crl_score);
/* If we can't locate certificate issuer at this point forget it */
- if (!(crl_score & CRL_SCORE_AKID))
+ if (!(crl_score & CRL_SCORE_AKID)) {
return 0;
+ }
/* Check cert for matching CRL distribution points */
if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
/* If no new reasons reject */
- if (!(crl_reasons & ~tmp_reasons))
+ if (!(crl_reasons & ~tmp_reasons)) {
return 0;
+ }
tmp_reasons |= crl_reasons;
crl_score |= CRL_SCORE_SCOPE;
}
@@ -1245,8 +1345,9 @@
int cidx = ctx->error_depth;
size_t i;
- if ((size_t)cidx != sk_X509_num(ctx->chain) - 1)
+ if ((size_t)cidx != sk_X509_num(ctx->chain) - 1) {
cidx++;
+ }
crl_issuer = sk_X509_value(ctx->chain, cidx);
@@ -1260,8 +1361,9 @@
for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
crl_issuer = sk_X509_value(ctx->chain, cidx);
- if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
continue;
+ }
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
*pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
*pissuer = crl_issuer;
@@ -1271,8 +1373,9 @@
/* Anything else needs extended CRL support */
- if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
return;
+ }
/*
* Otherwise the CRL issuer is not on the path. Look for it in the set of
@@ -1280,8 +1383,9 @@
*/
for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
crl_issuer = sk_X509_value(ctx->untrusted, i);
- if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
continue;
+ }
if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
*pissuer = crl_issuer;
*pcrl_score |= CRL_SCORE_AKID;
@@ -1301,10 +1405,12 @@
X509_STORE_CTX crl_ctx;
int ret;
/* Don't allow recursive CRL path validation */
- if (ctx->parent)
+ if (ctx->parent) {
return 0;
- if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+ }
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
return -1;
+ }
crl_ctx.crls = ctx->crls;
/* Copy verify params across */
@@ -1316,8 +1422,9 @@
/* Verify CRL issuer */
ret = X509_verify_cert(&crl_ctx);
- if (ret <= 0)
+ if (ret <= 0) {
goto err;
+ }
/* Check chain is acceptable */
@@ -1341,8 +1448,9 @@
X509 *cert_ta, *crl_ta;
cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
- if (!X509_cmp(cert_ta, crl_ta))
+ if (!X509_cmp(cert_ta, crl_ta)) {
return 1;
+ }
return 0;
}
@@ -1358,26 +1466,31 @@
GENERAL_NAMES *gens = NULL;
GENERAL_NAME *gena, *genb;
size_t i, j;
- if (!a || !b)
+ if (!a || !b) {
return 1;
+ }
if (a->type == 1) {
- if (!a->dpname)
+ if (!a->dpname) {
return 0;
+ }
/* Case 1: two X509_NAME */
if (b->type == 1) {
- if (!b->dpname)
+ if (!b->dpname) {
return 0;
- if (!X509_NAME_cmp(a->dpname, b->dpname))
+ }
+ if (!X509_NAME_cmp(a->dpname, b->dpname)) {
return 1;
- else
+ } else {
return 0;
+ }
}
/* Case 2: set name and GENERAL_NAMES appropriately */
nm = a->dpname;
gens = b->name.fullname;
} else if (b->type == 1) {
- if (!b->dpname)
+ if (!b->dpname) {
return 0;
+ }
/* Case 2: set name and GENERAL_NAMES appropriately */
gens = a->name.fullname;
nm = b->dpname;
@@ -1387,10 +1500,12 @@
if (nm) {
for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
gena = sk_GENERAL_NAME_value(gens, i);
- if (gena->type != GEN_DIRNAME)
+ if (gena->type != GEN_DIRNAME) {
continue;
- if (!X509_NAME_cmp(nm, gena->d.directoryName))
+ }
+ if (!X509_NAME_cmp(nm, gena->d.directoryName)) {
return 1;
+ }
}
return 0;
}
@@ -1401,8 +1516,9 @@
gena = sk_GENERAL_NAME_value(a->name.fullname, i);
for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
genb = sk_GENERAL_NAME_value(b->name.fullname, j);
- if (!GENERAL_NAME_cmp(gena, genb))
+ if (!GENERAL_NAME_cmp(gena, genb)) {
return 1;
+ }
}
}
@@ -1413,14 +1529,17 @@
size_t i;
X509_NAME *nm = X509_CRL_get_issuer(crl);
/* If no CRLissuer return is successful iff don't need a match */
- if (!dp->CRLissuer)
+ if (!dp->CRLissuer) {
return !!(crl_score & CRL_SCORE_ISSUER_NAME);
+ }
for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
- if (gen->type != GEN_DIRNAME)
+ if (gen->type != GEN_DIRNAME) {
continue;
- if (!X509_NAME_cmp(gen->d.directoryName, nm))
+ }
+ if (!X509_NAME_cmp(gen->d.directoryName, nm)) {
return 1;
+ }
}
return 0;
}
@@ -1430,14 +1549,17 @@
static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
unsigned int *preasons) {
size_t i;
- if (crl->idp_flags & IDP_ONLYATTR)
+ if (crl->idp_flags & IDP_ONLYATTR) {
return 0;
+ }
if (x->ex_flags & EXFLAG_CA) {
- if (crl->idp_flags & IDP_ONLYUSER)
+ if (crl->idp_flags & IDP_ONLYUSER) {
return 0;
+ }
} else {
- if (crl->idp_flags & IDP_ONLYCA)
+ if (crl->idp_flags & IDP_ONLYCA) {
return 0;
+ }
}
*preasons = crl->idp_reasons;
for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
@@ -1450,8 +1572,9 @@
}
}
if ((!crl->idp || !crl->idp->distpoint) &&
- (crl_score & CRL_SCORE_ISSUER_NAME))
+ (crl_score & CRL_SCORE_ISSUER_NAME)) {
return 1;
+ }
return 0;
}
@@ -1472,16 +1595,18 @@
reasons = ctx->current_reasons;
ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, ctx->crls);
- if (ok)
+ if (ok) {
goto done;
+ }
/* Lookup CRLs from store */
skcrl = ctx->lookup_crls(ctx, nm);
/* If no CRLs found and a near match from get_crl_sk use that */
- if (!skcrl && crl)
+ if (!skcrl && crl) {
goto done;
+ }
get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
@@ -1510,23 +1635,25 @@
cnum = ctx->error_depth;
chnum = sk_X509_num(ctx->chain) - 1;
/* if we have an alternative CRL issuer cert use that */
- if (ctx->current_issuer)
+ if (ctx->current_issuer) {
issuer = ctx->current_issuer;
+ }
/*
* Else find CRL issuer: if not last certificate then issuer is next
* certificate in chain.
*/
- else if (cnum < chnum)
+ else if (cnum < chnum) {
issuer = sk_X509_value(ctx->chain, cnum + 1);
- else {
+ } else {
issuer = sk_X509_value(ctx->chain, chnum);
/* If not self signed, can't check signature */
if (!ctx->check_issued(ctx, issuer, issuer)) {
ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
}
@@ -1540,38 +1667,43 @@
!(issuer->ex_kusage & KU_CRL_SIGN)) {
ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
}
if (crl->idp_flags & IDP_INVALID) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
}
if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
ok = check_crl_time(ctx, crl, 1);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
/* Attempt to get issuer certificate public key */
@@ -1580,23 +1712,26 @@
if (!ikey) {
ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
} else {
int rv;
rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
if (rv != X509_V_OK) {
ctx->error = rv;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
/* Verify CRL signature */
if (X509_CRL_verify(crl, ikey) <= 0) {
ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto err;
+ }
}
}
}
@@ -1622,20 +1757,23 @@
(crl->flags & EXFLAG_CRITICAL)) {
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
return 0;
+ }
}
/*
* Look for serial number of certificate in CRL If found make sure reason
* is not removeFromCRL.
*/
if (X509_CRL_get0_by_cert(crl, &rev, x)) {
- if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) {
return 2;
+ }
ctx->error = X509_V_ERR_CERT_REVOKED;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
return 0;
+ }
}
return 1;
@@ -1643,8 +1781,9 @@
static int check_policy(X509_STORE_CTX *ctx) {
int ret;
- if (ctx->parent)
+ if (ctx->parent) {
return 1;
+ }
ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
ctx->param->policies, ctx->param->flags);
if (ret == 0) {
@@ -1661,12 +1800,14 @@
size_t i;
for (i = 1; i < sk_X509_num(ctx->chain); i++) {
x = sk_X509_value(ctx->chain, i);
- if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) {
continue;
+ }
ctx->current_cert = x;
ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
return 1;
}
@@ -1684,8 +1825,9 @@
* remain in an error state. Therefore, we MUST NOT clear earlier
* verification errors by setting the error to X509_V_OK.
*/
- if (!ctx->verify_cb(2, ctx))
+ if (!ctx->verify_cb(2, ctx)) {
return 0;
+ }
}
return 1;
@@ -1695,39 +1837,44 @@
time_t *ptime;
int i;
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
ptime = &ctx->param->check_time;
- else
+ } else {
ptime = NULL;
+ }
i = X509_cmp_time(X509_get_notBefore(x), ptime);
if (i == 0) {
ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
ctx->current_cert = x;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
if (i > 0) {
ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
ctx->current_cert = x;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
i = X509_cmp_time(X509_get_notAfter(x), ptime);
if (i == 0) {
ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
ctx->current_cert = x;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
if (i < 0) {
ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
ctx->current_cert = x;
- if (!ctx->verify_cb(0, ctx))
+ if (!ctx->verify_cb(0, ctx)) {
return 0;
+ }
}
return 1;
@@ -1743,9 +1890,9 @@
n--;
xi = sk_X509_value(ctx->chain, n);
- if (ctx->check_issued(ctx, xi, xi))
+ if (ctx->check_issued(ctx, xi, xi)) {
xs = xi;
- else {
+ } else {
if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
xs = xi;
goto check_cert;
@@ -1776,8 +1923,9 @@
ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
ctx->current_cert = xi;
ok = ctx->verify_cb(0, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
} else if (X509_verify(xs, pkey) <= 0) {
ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert = xs;
@@ -1793,15 +1941,17 @@
check_cert:
ok = check_cert_time(ctx, xs);
- if (!ok)
+ if (!ok) {
goto end;
+ }
/* The last error (if any) is still in the error value */
ctx->current_issuer = xi;
ctx->current_cert = xs;
ok = ctx->verify_cb(1, ctx);
- if (!ok)
+ if (!ok) {
goto end;
+ }
n--;
if (n >= 0) {
@@ -1837,12 +1987,14 @@
*/
switch (ctm->type) {
case V_ASN1_UTCTIME:
- if (ctm->length != (int)(utctime_length))
+ if (ctm->length != (int)(utctime_length)) {
return 0;
+ }
break;
case V_ASN1_GENERALIZEDTIME:
- if (ctm->length != (int)(generalizedtime_length))
+ if (ctm->length != (int)(generalizedtime_length)) {
return 0;
+ }
break;
default:
return 0;
@@ -1854,11 +2006,13 @@
* Digit and date ranges will be verified in the conversion methods.
*/
for (i = 0; i < ctm->length - 1; i++) {
- if (!isdigit(ctm->data[i]))
+ if (!isdigit(ctm->data[i])) {
return 0;
+ }
}
- if (ctm->data[ctm->length - 1] != 'Z')
+ if (ctm->data[ctm->length - 1] != 'Z') {
return 0;
+ }
/*
* There is ASN1_UTCTIME_cmp_time_t but no
@@ -1866,10 +2020,12 @@
* so we go through ASN.1
*/
asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
- if (asn1_cmp_time == NULL)
+ if (asn1_cmp_time == NULL) {
goto err;
- if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
+ }
+ if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time)) {
goto err;
+ }
/*
* X509_cmp_time comparison is <=.
@@ -1948,21 +2104,26 @@
}
/* Create new CRL */
crl = X509_CRL_new();
- if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2))
+ if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2)) {
goto memerr;
+ }
/* Set issuer name */
- if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
+ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) {
goto memerr;
+ }
- if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
+ if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) {
goto memerr;
- if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
+ }
+ if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) {
goto memerr;
+ }
/* Set base CRL number: must be critical */
- if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
+ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) {
goto memerr;
+ }
/*
* Copy extensions across from newest CRL to delta: this will set CRL
@@ -1972,8 +2133,9 @@
for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
X509_EXTENSION *ext;
ext = X509_CRL_get_ext(newer, i);
- if (!X509_CRL_add_ext(crl, ext, -1))
+ if (!X509_CRL_add_ext(crl, ext, -1)) {
goto memerr;
+ }
}
/* Go through revoked entries, copying as needed */
@@ -1989,8 +2151,9 @@
*/
if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
rvtmp = X509_REVOKED_dup(rvn);
- if (!rvtmp)
+ if (!rvtmp) {
goto memerr;
+ }
if (!X509_CRL_add0_revoked(crl, rvtmp)) {
X509_REVOKED_free(rvtmp);
goto memerr;
@@ -1999,15 +2162,17 @@
}
/* TODO: optionally prune deleted entries */
- if (skey && md && !X509_CRL_sign(crl, skey, md))
+ if (skey && md && !X509_CRL_sign(crl, skey, md)) {
goto memerr;
+ }
return crl;
memerr:
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
- if (crl)
+ if (crl) {
X509_CRL_free(crl);
+ }
return NULL;
}
@@ -2058,8 +2223,9 @@
}
STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) {
- if (!ctx->chain)
+ if (!ctx->chain) {
return NULL;
+ }
return X509_chain_up_ref(ctx->chain);
}
@@ -2112,8 +2278,9 @@
int purpose, int trust) {
int idx;
/* If purpose not set use default */
- if (!purpose)
+ if (!purpose) {
purpose = def_purpose;
+ }
/* If we have a purpose then check it is valid */
if (purpose) {
X509_PURPOSE *ptmp;
@@ -2132,8 +2299,9 @@
ptmp = X509_PURPOSE_get0(idx);
}
/* If trust not set then get from purpose default */
- if (!trust)
+ if (!trust) {
trust = ptmp->trust;
+ }
}
if (trust) {
idx = X509_TRUST_get_by_id(trust);
@@ -2143,10 +2311,12 @@
}
}
- if (purpose && !ctx->param->purpose)
+ if (purpose && !ctx->param->purpose) {
ctx->param->purpose = purpose;
- if (trust && !ctx->param->trust)
+ }
+ if (trust && !ctx->param->trust) {
ctx->param->trust = trust;
+ }
return 1;
}
@@ -2188,8 +2358,9 @@
}
ctx->param = X509_VERIFY_PARAM_new();
- if (!ctx->param)
+ if (!ctx->param) {
goto err;
+ }
/*
* Inherit callbacks and flags from X509_STORE.
@@ -2204,55 +2375,65 @@
goto err;
}
- if (store->check_issued)
+ if (store->check_issued) {
ctx->check_issued = store->check_issued;
- else
+ } else {
ctx->check_issued = check_issued;
+ }
- if (store->get_issuer)
+ if (store->get_issuer) {
ctx->get_issuer = store->get_issuer;
- else
+ } else {
ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+ }
- if (store->verify_cb)
+ if (store->verify_cb) {
ctx->verify_cb = store->verify_cb;
- else
+ } else {
ctx->verify_cb = null_callback;
+ }
- if (store->verify)
+ if (store->verify) {
ctx->verify = store->verify;
- else
+ } else {
ctx->verify = internal_verify;
+ }
- if (store->check_revocation)
+ if (store->check_revocation) {
ctx->check_revocation = store->check_revocation;
- else
+ } else {
ctx->check_revocation = check_revocation;
+ }
- if (store->get_crl)
+ if (store->get_crl) {
ctx->get_crl = store->get_crl;
- else
+ } else {
ctx->get_crl = NULL;
+ }
- if (store->check_crl)
+ if (store->check_crl) {
ctx->check_crl = store->check_crl;
- else
+ } else {
ctx->check_crl = check_crl;
+ }
- if (store->cert_crl)
+ if (store->cert_crl) {
ctx->cert_crl = store->cert_crl;
- else
+ } else {
ctx->cert_crl = cert_crl;
+ }
- if (store->lookup_certs)
+ if (store->lookup_certs) {
ctx->lookup_certs = store->lookup_certs;
- else
+ } else {
ctx->lookup_certs = X509_STORE_get1_certs;
+ }
- if (store->lookup_crls)
+ if (store->lookup_crls) {
ctx->lookup_crls = store->lookup_crls;
- else
+ } else {
ctx->lookup_crls = X509_STORE_get1_crls;
+ }
ctx->check_policy = check_policy;
@@ -2287,8 +2468,9 @@
ctx->cleanup = NULL;
}
if (ctx->param != NULL) {
- if (ctx->parent == NULL)
+ if (ctx->parent == NULL) {
X509_VERIFY_PARAM_free(ctx->param);
+ }
ctx->param = NULL;
}
if (ctx->tree != NULL) {
@@ -2334,8 +2516,9 @@
int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) {
const X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_lookup(name);
- if (!param)
+ if (!param) {
return 0;
+ }
return X509_VERIFY_PARAM_inherit(ctx->param, param);
}
@@ -2344,7 +2527,8 @@
}
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) {
- if (ctx->param)
+ if (ctx->param) {
X509_VERIFY_PARAM_free(ctx->param);
+ }
ctx->param = param;
}
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 6f57896..9555c56 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -91,8 +91,9 @@
* Refuse names with embedded NUL bytes.
* XXX: Do we need to push an error onto the error stack?
*/
- if (name && OPENSSL_memchr(name, '\0', namelen))
+ if (name && OPENSSL_memchr(name, '\0', namelen)) {
return 0;
+ }
if (mode == SET_HOST && param->hosts) {
string_stack_free(param->hosts);
@@ -100,8 +101,9 @@
}
copy = OPENSSL_strndup(name, namelen);
- if (copy == NULL)
+ if (copy == NULL) {
return 0;
+ }
if (param->hosts == NULL &&
(param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
@@ -122,8 +124,9 @@
}
static void x509_verify_param_zero(X509_VERIFY_PARAM *param) {
- if (!param)
+ if (!param) {
return;
+ }
param->name = NULL;
param->purpose = 0;
param->trust = 0;
@@ -161,16 +164,18 @@
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) {
X509_VERIFY_PARAM *param;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
- if (!param)
+ if (!param) {
return NULL;
+ }
OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
x509_verify_param_zero(param);
return param;
}
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) {
- if (param == NULL)
+ if (param == NULL) {
return;
+ }
x509_verify_param_zero(param);
OPENSSL_free(param);
}
@@ -223,25 +228,30 @@
const X509_VERIFY_PARAM *src) {
unsigned long inh_flags;
int to_default, to_overwrite;
- if (!src)
+ if (!src) {
return 1;
+ }
inh_flags = dest->inh_flags | src->inh_flags;
- if (inh_flags & X509_VP_FLAG_ONCE)
+ if (inh_flags & X509_VP_FLAG_ONCE) {
dest->inh_flags = 0;
+ }
- if (inh_flags & X509_VP_FLAG_LOCKED)
+ if (inh_flags & X509_VP_FLAG_LOCKED) {
return 1;
+ }
- if (inh_flags & X509_VP_FLAG_DEFAULT)
+ if (inh_flags & X509_VP_FLAG_DEFAULT) {
to_default = 1;
- else
+ } else {
to_default = 0;
+ }
- if (inh_flags & X509_VP_FLAG_OVERWRITE)
+ if (inh_flags & X509_VP_FLAG_OVERWRITE) {
to_overwrite = 1;
- else
+ } else {
to_overwrite = 0;
+ }
x509_verify_param_copy(purpose, 0);
x509_verify_param_copy(trust, 0);
@@ -255,14 +265,16 @@
/* Don't need to copy flag: that is done below */
}
- if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+ if (inh_flags & X509_VP_FLAG_RESET_FLAGS) {
dest->flags = 0;
+ }
dest->flags |= src->flags;
if (test_x509_verify_param_copy(policies, NULL)) {
- if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
+ if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) {
return 0;
+ }
}
/* Copy the host flags if and only if we're copying the host list */
@@ -273,20 +285,23 @@
}
if (src->hosts) {
dest->hosts = sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
- if (dest->hosts == NULL)
+ if (dest->hosts == NULL) {
return 0;
+ }
dest->hostflags = src->hostflags;
}
}
if (test_x509_verify_param_copy(email, NULL)) {
- if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
+ if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) {
return 0;
+ }
}
if (test_x509_verify_param_copy(ip, NULL)) {
- if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
+ if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) {
return 0;
+ }
}
dest->poison = src->poison;
@@ -318,27 +333,32 @@
return 0;
}
- if (*pdest)
+ if (*pdest) {
OPENSSL_free(*pdest);
+ }
*pdest = tmp;
- if (pdestlen)
+ if (pdestlen) {
*pdestlen = srclen;
+ }
return 1;
}
int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) {
- if (param->name)
+ if (param->name) {
OPENSSL_free(param->name);
+ }
param->name = OPENSSL_strdup(name);
- if (param->name)
+ if (param->name) {
return 1;
+ }
return 0;
}
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) {
param->flags |= flags;
- if (flags & X509_V_FLAG_POLICY_MASK)
+ if (flags & X509_V_FLAG_POLICY_MASK) {
param->flags |= X509_V_FLAG_POLICY_CHECK;
+ }
return 1;
}
@@ -373,11 +393,13 @@
ASN1_OBJECT *policy) {
if (!param->policies) {
param->policies = sk_ASN1_OBJECT_new_null();
- if (!param->policies)
+ if (!param->policies) {
return 0;
+ }
}
- if (!sk_ASN1_OBJECT_push(param->policies, policy))
+ if (!sk_ASN1_OBJECT_push(param->policies, policy)) {
return 0;
+ }
return 1;
}
@@ -385,10 +407,12 @@
STACK_OF(ASN1_OBJECT) *policies) {
size_t i;
ASN1_OBJECT *oid, *doid;
- if (!param)
+ if (!param) {
return 0;
- if (param->policies)
+ }
+ if (param->policies) {
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+ }
if (!policies) {
param->policies = NULL;
@@ -396,14 +420,16 @@
}
param->policies = sk_ASN1_OBJECT_new_null();
- if (!param->policies)
+ if (!param->policies) {
return 0;
+ }
for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
oid = sk_ASN1_OBJECT_value(policies, i);
doid = OBJ_dup(oid);
- if (!doid)
+ if (!doid) {
return 0;
+ }
if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
ASN1_OBJECT_free(doid);
return 0;
@@ -468,8 +494,9 @@
size_t iplen;
iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
- if (iplen == 0)
+ if (iplen == 0) {
return 0;
+ }
return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
}
@@ -546,8 +573,9 @@
X509_VERIFY_PARAM *ptmp;
if (!param_table) {
param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
- if (!param_table)
+ if (!param_table) {
return 0;
+ }
} else {
size_t idx;
@@ -558,22 +586,25 @@
(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
}
}
- if (!sk_X509_VERIFY_PARAM_push(param_table, param))
+ if (!sk_X509_VERIFY_PARAM_push(param_table, param)) {
return 0;
+ }
return 1;
}
int X509_VERIFY_PARAM_get_count(void) {
int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
- if (param_table)
+ if (param_table) {
num += sk_X509_VERIFY_PARAM_num(param_table);
+ }
return num;
}
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) {
int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
- if (id < num)
+ if (id < num) {
return default_table + id;
+ }
return sk_X509_VERIFY_PARAM_value(param_table, id - num);
}
@@ -585,8 +616,9 @@
if (param_table) {
size_t idx;
sk_X509_VERIFY_PARAM_sort(param_table);
- if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm))
+ if (sk_X509_VERIFY_PARAM_find(param_table, &idx, &pm)) {
return sk_X509_VERIFY_PARAM_value(param_table, idx);
+ }
}
limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
@@ -599,7 +631,8 @@
}
void X509_VERIFY_PARAM_table_cleanup(void) {
- if (param_table)
+ if (param_table) {
sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+ }
param_table = NULL;
}
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index c4c8fca..27c7140 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -89,16 +89,18 @@
}
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) {
- if ((x == NULL) || (x->crl == NULL))
+ if ((x == NULL) || (x->crl == NULL)) {
return (0);
+ }
return (X509_NAME_set(&x->crl->issuer, name));
}
int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) {
ASN1_TIME *in;
- if (x == NULL)
+ if (x == NULL) {
return (0);
+ }
in = x->crl->lastUpdate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
@@ -113,8 +115,9 @@
int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) {
ASN1_TIME *in;
- if (x == NULL)
+ if (x == NULL) {
return (0);
+ }
in = x->crl->nextUpdate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
@@ -170,10 +173,12 @@
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg) {
- if (psig != NULL)
+ if (psig != NULL) {
*psig = crl->signature;
- if (palg != NULL)
+ }
+ if (palg != NULL) {
*palg = crl->sig_alg;
+ }
}
int X509_CRL_get_signature_nid(const X509_CRL *crl) {
@@ -188,8 +193,9 @@
const ASN1_TIME *tm) {
ASN1_TIME *in;
- if (revoked == NULL)
+ if (revoked == NULL) {
return (0);
+ }
in = revoked->revocationDate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
@@ -210,8 +216,9 @@
const ASN1_INTEGER *serial) {
ASN1_INTEGER *in;
- if (revoked == NULL)
+ if (revoked == NULL) {
return (0);
+ }
in = revoked->serialNumber;
if (in != serial) {
in = ASN1_INTEGER_dup(serial);
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 882e0db..d3aa6de 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -72,8 +72,9 @@
const ASN1_OBJECT *obj;
obj = OBJ_nid2obj(nid);
- if (obj == NULL)
+ if (obj == NULL) {
return (-1);
+ }
return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
}
@@ -83,20 +84,23 @@
ASN1_STRING *data;
i = X509_NAME_get_index_by_OBJ(name, obj, -1);
- if (i < 0)
+ if (i < 0) {
return (-1);
+ }
data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
i = (data->length > (len - 1)) ? (len - 1) : data->length;
- if (buf == NULL)
+ if (buf == NULL) {
return (data->length);
+ }
OPENSSL_memcpy(buf, data->data, i);
buf[i] = '\0';
return (i);
}
int X509_NAME_entry_count(const X509_NAME *name) {
- if (name == NULL)
+ if (name == NULL) {
return (0);
+ }
return (sk_X509_NAME_ENTRY_num(name->entries));
}
@@ -104,8 +108,9 @@
const ASN1_OBJECT *obj;
obj = OBJ_nid2obj(nid);
- if (obj == NULL)
+ if (obj == NULL) {
return (-2);
+ }
return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
}
@@ -116,26 +121,30 @@
X509_NAME_ENTRY *ne;
STACK_OF(X509_NAME_ENTRY) *sk;
- if (name == NULL)
+ if (name == NULL) {
return (-1);
- if (lastpos < 0)
+ }
+ if (lastpos < 0) {
lastpos = -1;
+ }
sk = name->entries;
n = sk_X509_NAME_ENTRY_num(sk);
for (lastpos++; lastpos < n; lastpos++) {
ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
- if (OBJ_cmp(ne->object, obj) == 0)
+ if (OBJ_cmp(ne->object, obj) == 0) {
return (lastpos);
+ }
}
return (-1);
}
X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) {
if (name == NULL || loc < 0 ||
- sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc)
+ sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc) {
return (NULL);
- else
+ } else {
return (sk_X509_NAME_ENTRY_value(name->entries, loc));
+ }
}
X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) {
@@ -144,20 +153,23 @@
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL || loc < 0 ||
- sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc)
+ sk_X509_NAME_ENTRY_num(name->entries) <= (size_t)loc) {
return (NULL);
+ }
sk = name->entries;
ret = sk_X509_NAME_ENTRY_delete(sk, loc);
n = sk_X509_NAME_ENTRY_num(sk);
name->modified = 1;
- if (loc == n)
+ if (loc == n) {
return (ret);
+ }
/* else we need to fixup the set field */
- if (loc != 0)
+ if (loc != 0) {
set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
- else
+ } else {
set_prev = ret->set - 1;
+ }
set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
/*
@@ -165,9 +177,11 @@
* following prev 1 1 1 1 1 1 1 1 set 1 1 2 2 next 1 1 2 2 2 2 3 2 so
* basically only if prev and next differ by 2, then re-number down by 1
*/
- if (set_prev + 1 < set_next)
- for (i = loc; i < n; i++)
+ if (set_prev + 1 < set_next) {
+ for (i = loc; i < n; i++) {
sk_X509_NAME_ENTRY_value(sk, i)->set--;
+ }
+ }
return (ret);
}
@@ -177,8 +191,9 @@
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
- if (!ne)
+ if (!ne) {
return 0;
+ }
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
@@ -190,8 +205,9 @@
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
- if (!ne)
+ if (!ne) {
return 0;
+ }
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
@@ -203,8 +219,9 @@
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
- if (!ne)
+ if (!ne) {
return 0;
+ }
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
@@ -220,14 +237,16 @@
int n, i, inc;
STACK_OF(X509_NAME_ENTRY) *sk;
- if (name == NULL)
+ if (name == NULL) {
return (0);
+ }
sk = name->entries;
n = sk_X509_NAME_ENTRY_num(sk);
- if (loc > n)
+ if (loc > n) {
loc = n;
- else if (loc < 0)
+ } else if (loc < 0) {
loc = n;
+ }
inc = (set == 0);
name->modified = 1;
@@ -242,16 +261,19 @@
} else { /* if (set >= 0) */
if (loc >= n) {
- if (loc != 0)
+ if (loc != 0) {
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
- else
+ } else {
set = 0;
- } else
+ }
+ } else {
set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+ }
}
- if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
+ if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) {
goto err;
+ }
new_name->set = set;
if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
@@ -259,13 +281,15 @@
}
if (inc) {
n = sk_X509_NAME_ENTRY_num(sk);
- for (i = loc + 1; i < n; i++)
+ for (i = loc + 1; i < n; i++) {
sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
+ }
}
return (1);
err:
- if (new_name != NULL)
+ if (new_name != NULL) {
X509_NAME_ENTRY_free(new_name);
+ }
return (0);
}
@@ -306,22 +330,28 @@
X509_NAME_ENTRY *ret;
if ((ne == NULL) || (*ne == NULL)) {
- if ((ret = X509_NAME_ENTRY_new()) == NULL)
+ if ((ret = X509_NAME_ENTRY_new()) == NULL) {
return (NULL);
- } else
+ }
+ } else {
ret = *ne;
+ }
- if (!X509_NAME_ENTRY_set_object(ret, obj))
+ if (!X509_NAME_ENTRY_set_object(ret, obj)) {
goto err;
- if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
+ }
+ if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len)) {
goto err;
+ }
- if ((ne != NULL) && (*ne == NULL))
+ if ((ne != NULL) && (*ne == NULL)) {
*ne = ret;
+ }
return (ret);
err:
- if ((ne == NULL) || (ret != *ne))
+ if ((ne == NULL) || (ret != *ne)) {
X509_NAME_ENTRY_free(ret);
+ }
return (NULL);
}
@@ -339,18 +369,22 @@
const unsigned char *bytes, int len) {
int i;
- if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
+ if ((ne == NULL) || ((bytes == NULL) && (len != 0))) {
return (0);
- if ((type > 0) && (type & MBSTRING_FLAG))
+ }
+ if ((type > 0) && (type & MBSTRING_FLAG)) {
return ASN1_STRING_set_by_NID(&ne->value, bytes, len, type,
OBJ_obj2nid(ne->object))
? 1
: 0;
- if (len < 0)
+ }
+ if (len < 0) {
len = strlen((const char *)bytes);
+ }
i = ASN1_STRING_set(ne->value, bytes, len);
- if (!i)
+ if (!i) {
return (0);
+ }
if (type != V_ASN1_UNDEF) {
ne->value->type = type;
}
@@ -358,13 +392,15 @@
}
ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) {
- if (ne == NULL)
+ if (ne == NULL) {
return (NULL);
+ }
return (ne->object);
}
ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) {
- if (ne == NULL)
+ if (ne == NULL) {
return (NULL);
+ }
return (ne->value);
}
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index c7be677..1d5457f 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -74,14 +74,16 @@
}
int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) {
- if ((x == NULL) || (x->req_info == NULL))
+ if ((x == NULL) || (x->req_info == NULL)) {
return (0);
+ }
return (X509_NAME_set(&x->req_info->subject, name));
}
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) {
- if ((x == NULL) || (x->req_info == NULL))
+ if ((x == NULL) || (x->req_info == NULL)) {
return (0);
+ }
return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
}
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
index 677d7ea..88ab9cd 100644
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@@ -62,14 +62,16 @@
#include <openssl/x509.h>
int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) {
- if ((x == NULL) || (x->spkac == NULL))
+ if ((x == NULL) || (x->spkac == NULL)) {
return (0);
+ }
return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
}
EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) {
- if ((x == NULL) || (x->spkac == NULL))
+ if ((x == NULL) || (x->spkac == NULL)) {
return (NULL);
+ }
return (X509_PUBKEY_get(x->spkac->pubkey));
}
@@ -80,8 +82,9 @@
const unsigned char *p;
size_t spki_len;
NETSCAPE_SPKI *spki;
- if (len <= 0)
+ if (len <= 0) {
len = strlen(str);
+ }
if (!EVP_DecodedLength(&spki_len, len)) {
OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR);
return NULL;
diff --git a/crypto/x509/x_algor.c b/crypto/x509/x_algor.c
index 0aae11c..8285fb3 100644
--- a/crypto/x509/x_algor.c
+++ b/crypto/x509/x_algor.c
@@ -79,27 +79,32 @@
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) {
- if (!alg)
+ if (!alg) {
return 0;
+ }
if (ptype != V_ASN1_UNDEF) {
- if (alg->parameter == NULL)
+ if (alg->parameter == NULL) {
alg->parameter = ASN1_TYPE_new();
- if (alg->parameter == NULL)
+ }
+ if (alg->parameter == NULL) {
return 0;
+ }
}
if (alg) {
ASN1_OBJECT_free(alg->algorithm);
alg->algorithm = aobj;
}
- if (ptype == 0)
+ if (ptype == 0) {
return 1;
+ }
if (ptype == V_ASN1_UNDEF) {
if (alg->parameter) {
ASN1_TYPE_free(alg->parameter);
alg->parameter = NULL;
}
- } else
+ } else {
ASN1_TYPE_set(alg->parameter, ptype, pval);
+ }
return 1;
}
@@ -127,10 +132,11 @@
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) {
int param_type;
- if (EVP_MD_flags(md) & EVP_MD_FLAG_DIGALGID_ABSENT)
+ if (EVP_MD_flags(md) & EVP_MD_FLAG_DIGALGID_ABSENT) {
param_type = V_ASN1_UNDEF;
- else
+ } else {
param_type = V_ASN1_NULL;
+ }
X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
}
@@ -141,9 +147,11 @@
int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) {
int rv;
rv = OBJ_cmp(a->algorithm, b->algorithm);
- if (rv)
+ if (rv) {
return rv;
- if (!a->parameter && !b->parameter)
+ }
+ if (!a->parameter && !b->parameter) {
return 0;
+ }
return ASN1_TYPE_cmp(a->parameter, b->parameter);
}
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index fa7c01b..ad92df1 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -271,8 +271,9 @@
unsigned int *len) {
ASN1_BIT_STRING *key;
key = X509_get0_pubkey_bitstr(data);
- if (!key)
+ if (!key) {
return 0;
+ }
return EVP_Digest(key->data, key->length, md, len, type, NULL);
}
@@ -314,8 +315,9 @@
PKCS8_PRIV_KEY_INFO *p8inf;
int ret;
p8inf = EVP_PKEY2PKCS8(key);
- if (!p8inf)
+ if (!p8inf) {
return 0;
+ }
ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
@@ -336,8 +338,9 @@
PKCS8_PRIV_KEY_INFO *p8inf;
int ret;
p8inf = EVP_PKEY2PKCS8(key);
- if (!p8inf)
+ if (!p8inf) {
return 0;
+ }
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index f7b5967..7b23797 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -89,8 +89,9 @@
void *exarg) {
X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
- if (!a || !a->revoked)
+ if (!a || !a->revoked) {
return 1;
+ }
switch (operation) {
/*
* Just set cmp function here. We don't sort because that would
@@ -143,11 +144,13 @@
gens = gtmp;
if (!crl->issuers) {
crl->issuers = sk_GENERAL_NAMES_new_null();
- if (!crl->issuers)
+ if (!crl->issuers) {
return 0;
+ }
}
- if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
+ if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) {
return 0;
+ }
}
rev->issuer = gens;
@@ -160,8 +163,9 @@
if (reason) {
rev->reason = ASN1_ENUMERATED_get(reason);
ASN1_ENUMERATED_free(reason);
- } else
+ } else {
rev->reason = CRL_REASON_NONE;
+ }
/* Check for critical CRL entry extensions */
@@ -171,8 +175,9 @@
ext = sk_X509_EXTENSION_value(exts, k);
if (X509_EXTENSION_get_critical(ext)) {
if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) ==
- NID_certificate_issuer)
+ NID_certificate_issuer) {
continue;
+ }
crl->flags |= EXFLAG_CRITICAL;
break;
}
@@ -274,20 +279,23 @@
int nid;
ext = sk_X509_EXTENSION_value(exts, idx);
nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
- if (nid == NID_freshest_crl)
+ if (nid == NID_freshest_crl) {
crl->flags |= EXFLAG_FRESHEST;
+ }
if (X509_EXTENSION_get_critical(ext)) {
/* We handle IDP and deltas */
if ((nid == NID_issuing_distribution_point) ||
- (nid == NID_authority_key_identifier) || (nid == NID_delta_crl))
+ (nid == NID_authority_key_identifier) || (nid == NID_delta_crl)) {
continue;
+ }
crl->flags |= EXFLAG_CRITICAL;
break;
}
}
- if (!crl_set_issuers(crl))
+ if (!crl_set_issuers(crl)) {
return 0;
+ }
break;
}
@@ -322,18 +330,22 @@
crl->idp_flags |= IDP_ONLYATTR;
}
- if (idp_only > 1)
+ if (idp_only > 1) {
crl->idp_flags |= IDP_INVALID;
+ }
- if (idp->indirectCRL > 0)
+ if (idp->indirectCRL > 0) {
crl->idp_flags |= IDP_INDIRECT;
+ }
if (idp->onlysomereasons) {
crl->idp_flags |= IDP_REASONS;
- if (idp->onlysomereasons->length > 0)
+ if (idp->onlysomereasons->length > 0) {
crl->idp_reasons = idp->onlysomereasons->data[0];
- if (idp->onlysomereasons->length > 1)
+ }
+ if (idp->onlysomereasons->length > 1) {
crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
+ }
crl->idp_reasons &= CRLDP_ALL_REASONS;
}
@@ -361,8 +373,9 @@
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) {
X509_CRL_INFO *inf;
inf = crl->crl;
- if (!inf->revoked)
+ if (!inf->revoked) {
inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+ }
if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
return 0;
@@ -396,22 +409,27 @@
size_t i;
if (!rev->issuer) {
- if (!nm)
+ if (!nm) {
return 1;
- if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+ }
+ if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) {
return 1;
+ }
return 0;
}
- if (!nm)
+ if (!nm) {
nm = X509_CRL_get_issuer(crl);
+ }
for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
- if (gen->type != GEN_DIRNAME)
+ if (gen->type != GEN_DIRNAME) {
continue;
- if (!X509_NAME_cmp(nm, gen->d.directoryName))
+ }
+ if (!X509_NAME_cmp(nm, gen->d.directoryName)) {
return 1;
+ }
}
return 0;
}
@@ -440,18 +458,22 @@
CRYPTO_STATIC_MUTEX_unlock_write(&g_crl_sort_lock);
}
- if (!sk_X509_REVOKED_find(crl->crl->revoked, &idx, &rtmp))
+ if (!sk_X509_REVOKED_find(crl->crl->revoked, &idx, &rtmp)) {
return 0;
+ }
/* Need to look for matching name */
for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
- if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
+ if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) {
return 0;
+ }
if (crl_revoked_issuer_match(crl, issuer, rev)) {
- if (ret)
+ if (ret) {
*ret = rev;
- if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+ }
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) {
return 2;
+ }
return 1;
}
}
diff --git a/crypto/x509/x_info.c b/crypto/x509/x_info.c
index 25ab6ef..420bc19 100644
--- a/crypto/x509/x_info.c
+++ b/crypto/x509/x_info.c
@@ -81,16 +81,21 @@
}
void X509_INFO_free(X509_INFO *x) {
- if (x == NULL)
+ if (x == NULL) {
return;
+ }
- if (x->x509 != NULL)
+ if (x->x509 != NULL) {
X509_free(x->x509);
- if (x->crl != NULL)
+ }
+ if (x->crl != NULL) {
X509_CRL_free(x->crl);
- if (x->x_pkey != NULL)
+ }
+ if (x->x_pkey != NULL) {
X509_PKEY_free(x->x_pkey);
- if (x->enc_data != NULL)
+ }
+ if (x->enc_data != NULL) {
OPENSSL_free(x->enc_data);
+ }
OPENSSL_free(x);
}
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index fbb6538..58c1083 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -144,12 +144,15 @@
static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) {
X509_NAME *ret = NULL;
ret = OPENSSL_malloc(sizeof(X509_NAME));
- if (!ret)
+ if (!ret) {
goto memerr;
- if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+ }
+ if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) {
goto memerr;
- if ((ret->bytes = BUF_MEM_new()) == NULL)
+ }
+ if ((ret->bytes = BUF_MEM_new()) == NULL) {
goto memerr;
+ }
ret->canon_enc = NULL;
ret->canon_enclen = 0;
ret->modified = 1;
@@ -159,8 +162,9 @@
memerr:
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
if (ret) {
- if (ret->entries)
+ if (ret->entries) {
sk_X509_NAME_ENTRY_free(ret->entries);
+ }
OPENSSL_free(ret);
}
return 0;
@@ -168,14 +172,16 @@
static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) {
X509_NAME *a;
- if (!pval || !*pval)
+ if (!pval || !*pval) {
return;
+ }
a = (X509_NAME *)*pval;
BUF_MEM_free(a->bytes);
sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
- if (a->canon_enc)
+ if (a->canon_enc) {
OPENSSL_free(a->canon_enc);
+ }
OPENSSL_free(a);
*pval = NULL;
}
@@ -209,19 +215,23 @@
ret = ASN1_item_ex_d2i(&intname_val, &p, len,
ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt,
ctx);
- if (ret <= 0)
+ if (ret <= 0) {
return ret;
+ }
intname = (STACK_OF(STACK_OF_X509_NAME_ENTRY) *)intname_val;
- if (*val)
+ if (*val) {
x509_name_ex_free(val, NULL);
+ }
ASN1_VALUE *nm_val = NULL;
- if (!x509_name_ex_new(&nm_val, NULL))
+ if (!x509_name_ex_new(&nm_val, NULL)) {
goto err;
+ }
nm = (X509_NAME *)nm_val;
/* We've decoded it: now cache encoding */
- if (!BUF_MEM_grow(nm->bytes, p - q))
+ if (!BUF_MEM_grow(nm->bytes, p - q)) {
goto err;
+ }
OPENSSL_memcpy(nm->bytes->data, q, p - q);
/* Convert internal representation to X509_NAME structure */
@@ -230,14 +240,16 @@
for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
entry = sk_X509_NAME_ENTRY_value(entries, j);
entry->set = i;
- if (!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+ if (!sk_X509_NAME_ENTRY_push(nm->entries, entry)) {
goto err;
+ }
(void)sk_X509_NAME_ENTRY_set(entries, j, NULL);
}
}
ret = x509_name_canon(nm);
- if (!ret)
+ if (!ret) {
goto err;
+ }
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free);
nm->modified = 0;
*val = (ASN1_VALUE *)nm;
@@ -274,22 +286,25 @@
size_t i;
STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname =
sk_STACK_OF_X509_NAME_ENTRY_new_null();
- if (!intname)
+ if (!intname) {
goto memerr;
+ }
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
entry = sk_X509_NAME_ENTRY_value(a->entries, i);
if (entry->set != set) {
entries = sk_X509_NAME_ENTRY_new_null();
- if (!entries)
+ if (!entries) {
goto memerr;
+ }
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto memerr;
}
set = entry->set;
}
- if (!sk_X509_NAME_ENTRY_push(entries, entry))
+ if (!sk_X509_NAME_ENTRY_push(entries, entry)) {
goto memerr;
+ }
}
ASN1_VALUE *intname_val = (ASN1_VALUE *)intname;
len = ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
@@ -297,8 +312,9 @@
if (len <= 0) {
goto err;
}
- if (!BUF_MEM_grow(a->bytes, len))
+ if (!BUF_MEM_grow(a->bytes, len)) {
goto memerr;
+ }
p = (unsigned char *)a->bytes->data;
if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
/*tag=*/-1, /*aclass=*/0) <= 0) {
@@ -343,14 +359,16 @@
return 1;
}
intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
- if (!intname)
+ if (!intname) {
goto err;
+ }
for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
entry = sk_X509_NAME_ENTRY_value(a->entries, i);
if (entry->set != set) {
entries = sk_X509_NAME_ENTRY_new_null();
- if (!entries)
+ if (!entries) {
goto err;
+ }
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto err;
@@ -358,13 +376,16 @@
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
- if (tmpentry == NULL)
+ if (tmpentry == NULL) {
goto err;
+ }
tmpentry->object = OBJ_dup(entry->object);
- if (!asn1_string_canon(tmpentry->value, entry->value))
+ if (!asn1_string_canon(tmpentry->value, entry->value)) {
goto err;
- if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+ }
+ if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {
goto err;
+ }
tmpentry = NULL;
}
@@ -378,8 +399,9 @@
p = OPENSSL_malloc(a->canon_enclen);
- if (!p)
+ if (!p) {
goto err;
+ }
a->canon_enc = p;
@@ -389,11 +411,13 @@
err:
- if (tmpentry)
+ if (tmpentry) {
X509_NAME_ENTRY_free(tmpentry);
- if (intname)
+ }
+ if (intname) {
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
local_sk_X509_NAME_ENTRY_pop_free);
+ }
return ret;
}
@@ -410,15 +434,17 @@
/* If type not in bitmask just copy string across */
if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
- if (!ASN1_STRING_copy(out, in))
+ if (!ASN1_STRING_copy(out, in)) {
return 0;
+ }
return 1;
}
out->type = V_ASN1_UTF8STRING;
out->length = ASN1_STRING_to_UTF8(&out->data, in);
- if (out->length == -1)
+ if (out->length == -1) {
return 0;
+ }
to = out->data;
from = to;
@@ -491,16 +517,18 @@
v = sk_ASN1_VALUE_value(intname, i);
ltmp = ASN1_item_ex_i2d(&v, in, ASN1_ITEM_rptr(X509_NAME_ENTRIES),
/*tag=*/-1, /*aclass=*/0);
- if (ltmp < 0)
+ if (ltmp < 0) {
return ltmp;
+ }
len += ltmp;
}
return len;
}
int X509_NAME_set(X509_NAME **xn, X509_NAME *name) {
- if ((name = X509_NAME_dup(name)) == NULL)
+ if ((name = X509_NAME_dup(name)) == NULL) {
return 0;
+ }
X509_NAME_free(*xn);
*xn = name;
return 1;
@@ -511,11 +539,14 @@
int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
size_t *pderlen) {
/* Make sure encoding is valid */
- if (i2d_X509_NAME(nm, NULL) <= 0)
+ if (i2d_X509_NAME(nm, NULL) <= 0) {
return 0;
- if (pder != NULL)
+ }
+ if (pder != NULL) {
*pder = (unsigned char *)nm->bytes->data;
- if (pderlen != NULL)
+ }
+ if (pderlen != NULL) {
*pderlen = nm->bytes->length;
+ }
return 1;
}
diff --git a/crypto/x509/x_pkey.c b/crypto/x509/x_pkey.c
index 1d7b1a4..52bc5b6 100644
--- a/crypto/x509/x_pkey.c
+++ b/crypto/x509/x_pkey.c
@@ -75,30 +75,38 @@
OPENSSL_memset(ret, 0, sizeof(X509_PKEY));
ret->enc_algor = X509_ALGOR_new();
- if (ret->enc_algor == NULL)
+ if (ret->enc_algor == NULL) {
goto err;
+ }
ret->enc_pkey = ASN1_OCTET_STRING_new();
- if (ret->enc_pkey == NULL)
+ if (ret->enc_pkey == NULL) {
goto err;
+ }
return ret;
err:
- if (ret != NULL)
+ if (ret != NULL) {
X509_PKEY_free(ret);
+ }
return NULL;
}
void X509_PKEY_free(X509_PKEY *x) {
- if (x == NULL)
+ if (x == NULL) {
return;
+ }
- if (x->enc_algor != NULL)
+ if (x->enc_algor != NULL) {
X509_ALGOR_free(x->enc_algor);
- if (x->enc_pkey != NULL)
+ }
+ if (x->enc_pkey != NULL) {
ASN1_OCTET_STRING_free(x->enc_pkey);
- if (x->dec_pkey != NULL)
+ }
+ if (x->dec_pkey != NULL) {
EVP_PKEY_free(x->dec_pkey);
- if ((x->key_data != NULL) && (x->key_free))
+ }
+ if ((x->key_data != NULL) && (x->key_free)) {
OPENSSL_free(x->key_data);
+ }
OPENSSL_free(x);
}
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index a40ebfb..12e7d68 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -92,8 +92,9 @@
uint8_t *spki = NULL;
size_t spki_len;
- if (x == NULL)
+ if (x == NULL) {
return (0);
+ }
CBB cbb;
if (!CBB_init(&cbb, 0) || !EVP_marshal_public_key(&cbb, pkey) ||
@@ -131,8 +132,9 @@
EVP_PKEY *ret = NULL;
uint8_t *spki = NULL;
- if (key == NULL)
+ if (key == NULL) {
goto error;
+ }
CRYPTO_STATIC_MUTEX_lock_read(&g_pubkey_lock);
if (key->pkey != NULL) {
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
index 2b1fa40..42e9496 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -78,8 +78,9 @@
if (operation == ASN1_OP_NEW_POST) {
rinf->attributes = sk_X509_ATTRIBUTE_new_null();
- if (!rinf->attributes)
+ if (!rinf->attributes) {
return 0;
+ }
}
if (operation == ASN1_OP_D2I_POST) {
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 0026adf..743fd80 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -236,24 +236,28 @@
X509 *ret;
int freeret = 0;
- if (!a || *a == NULL)
+ if (!a || *a == NULL) {
freeret = 1;
+ }
ret = d2i_X509(a, &q, length);
/* If certificate unreadable then forget it */
- if (!ret)
+ if (!ret) {
return NULL;
+ }
/* update length */
length -= q - *pp;
/* Parse auxiliary information if there is any. */
- if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
+ if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) {
goto err;
+ }
*pp = q;
return ret;
err:
if (freeret) {
X509_free(ret);
- if (a)
+ if (a) {
*a = NULL;
+ }
}
return NULL;
}
@@ -283,8 +287,9 @@
if (a->aux != NULL) {
tmplen = i2d_X509_CERT_AUX(a->aux, pp);
if (tmplen < 0) {
- if (start != NULL)
+ if (start != NULL) {
*pp = start;
+ }
return tmplen;
}
length += tmplen;
@@ -307,17 +312,20 @@
unsigned char *tmp;
/* Buffer provided by caller */
- if (pp == NULL || *pp != NULL)
+ if (pp == NULL || *pp != NULL) {
return i2d_x509_aux_internal(a, pp);
+ }
/* Obtain the combined length */
- if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+ if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) {
return length;
+ }
/* Allocate requisite combined storage */
*pp = tmp = OPENSSL_malloc(length);
- if (tmp == NULL)
+ if (tmp == NULL) {
return -1; /* Push error onto error stack? */
+ }
/* Encode, but keep *pp at the originally malloced pointer */
length = i2d_x509_aux_internal(a, &tmp);
@@ -367,10 +375,12 @@
void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
const X509 *x) {
- if (psig)
+ if (psig) {
*psig = x->signature;
- if (palg)
+ }
+ if (palg) {
*palg = x->sig_alg;
+ }
}
int X509_get_signature_nid(const X509 *x) {
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index 4eb7599..96161f5 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -83,10 +83,12 @@
IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
static X509_CERT_AUX *aux_get(X509 *x) {
- if (!x)
+ if (!x) {
return NULL;
- if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+ }
+ if (!x->aux && !(x->aux = X509_CERT_AUX_new())) {
return NULL;
+ }
return x->aux;
}
@@ -96,16 +98,19 @@
* getters cannot quite represent them. Also erase the object if |len| is
* zero. */
if (!name) {
- if (!x || !x->aux || !x->aux->alias)
+ if (!x || !x->aux || !x->aux->alias) {
return 1;
+ }
ASN1_UTF8STRING_free(x->aux->alias);
x->aux->alias = NULL;
return 1;
}
- if (!(aux = aux_get(x)))
+ if (!(aux = aux_get(x))) {
return 0;
- if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+ }
+ if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) {
return 0;
+ }
return ASN1_STRING_set(aux->alias, name, len);
}
@@ -115,16 +120,19 @@
* getters cannot quite represent them. Also erase the object if |len| is
* zero. */
if (!id) {
- if (!x || !x->aux || !x->aux->keyid)
+ if (!x || !x->aux || !x->aux->keyid) {
return 1;
+ }
ASN1_OCTET_STRING_free(x->aux->keyid);
x->aux->keyid = NULL;
return 1;
}
- if (!(aux = aux_get(x)))
+ if (!(aux = aux_get(x))) {
return 0;
- if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+ }
+ if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) {
return 0;
+ }
return ASN1_STRING_set(aux->keyid, id, len);
}
@@ -146,16 +154,19 @@
int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) {
ASN1_OBJECT *objtmp = OBJ_dup(obj);
- if (objtmp == NULL)
+ if (objtmp == NULL) {
goto err;
+ }
X509_CERT_AUX *aux = aux_get(x);
if (aux->trust == NULL) {
aux->trust = sk_ASN1_OBJECT_new_null();
- if (aux->trust == NULL)
+ if (aux->trust == NULL) {
goto err;
+ }
}
- if (!sk_ASN1_OBJECT_push(aux->trust, objtmp))
+ if (!sk_ASN1_OBJECT_push(aux->trust, objtmp)) {
goto err;
+ }
return 1;
err:
@@ -165,16 +176,19 @@
int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) {
ASN1_OBJECT *objtmp = OBJ_dup(obj);
- if (objtmp == NULL)
+ if (objtmp == NULL) {
goto err;
+ }
X509_CERT_AUX *aux = aux_get(x);
if (aux->reject == NULL) {
aux->reject = sk_ASN1_OBJECT_new_null();
- if (aux->reject == NULL)
+ if (aux->reject == NULL) {
goto err;
+ }
}
- if (!sk_ASN1_OBJECT_push(aux->reject, objtmp))
+ if (!sk_ASN1_OBJECT_push(aux->reject, objtmp)) {
goto err;
+ }
return 1;
err:
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index af1871e..f4de366 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -80,16 +80,19 @@
X509_POLICY_CACHE *cache = x->policy_cache;
X509_POLICY_DATA *data = NULL;
POLICYINFO *policy;
- if (sk_POLICYINFO_num(policies) == 0)
+ if (sk_POLICYINFO_num(policies) == 0) {
goto bad_policy;
+ }
cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
- if (!cache->data)
+ if (!cache->data) {
goto bad_policy;
+ }
for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
policy = sk_POLICYINFO_value(policies, i);
data = policy_data_new(policy, NULL, crit);
- if (!data)
+ if (!data) {
goto bad_policy;
+ }
/*
* Duplicate policy OIDs are illegal: reject if matches found.
*/
@@ -103,16 +106,19 @@
} else if (sk_X509_POLICY_DATA_find(cache->data, NULL, data)) {
ret = -1;
goto bad_policy;
- } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+ } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
goto bad_policy;
+ }
data = NULL;
}
ret = 1;
bad_policy:
- if (ret == -1)
+ if (ret == -1) {
x->ex_flags |= EXFLAG_INVALID_POLICY;
- if (data)
+ }
+ if (data) {
policy_data_free(data);
+ }
sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
if (ret <= 0) {
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
@@ -129,8 +135,9 @@
POLICY_MAPPINGS *ext_pmaps = NULL;
int i;
cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
- if (!cache)
+ if (!cache) {
return 0;
+ }
cache->anyPolicy = NULL;
cache->data = NULL;
cache->any_skip = -1;
@@ -146,17 +153,21 @@
ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
if (!ext_pcons) {
- if (i != -1)
+ if (i != -1) {
goto bad_cache;
+ }
} else {
- if (!ext_pcons->requireExplicitPolicy && !ext_pcons->inhibitPolicyMapping)
+ if (!ext_pcons->requireExplicitPolicy && !ext_pcons->inhibitPolicyMapping) {
goto bad_cache;
+ }
if (!policy_cache_set_int(&cache->explicit_skip,
- ext_pcons->requireExplicitPolicy))
+ ext_pcons->requireExplicitPolicy)) {
goto bad_cache;
+ }
if (!policy_cache_set_int(&cache->map_skip,
- ext_pcons->inhibitPolicyMapping))
+ ext_pcons->inhibitPolicyMapping)) {
goto bad_cache;
+ }
}
/* Process CertificatePolicies */
@@ -168,8 +179,9 @@
*/
if (!ext_cpols) {
/* If not absent some problem with extension */
- if (i != -1)
+ if (i != -1) {
goto bad_cache;
+ }
return 1;
}
@@ -177,50 +189,60 @@
/* NB: ext_cpols freed by policy_cache_set_policies */
- if (i <= 0)
+ if (i <= 0) {
return i;
+ }
ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
if (!ext_pmaps) {
/* If not absent some problem with extension */
- if (i != -1)
+ if (i != -1) {
goto bad_cache;
+ }
} else {
i = policy_cache_set_mapping(x, ext_pmaps);
- if (i <= 0)
+ if (i <= 0) {
goto bad_cache;
+ }
}
ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
if (!ext_any) {
- if (i != -1)
+ if (i != -1) {
goto bad_cache;
- } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
+ }
+ } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) {
goto bad_cache;
+ }
if (0) {
bad_cache:
x->ex_flags |= EXFLAG_INVALID_POLICY;
}
- if (ext_pcons)
+ if (ext_pcons) {
POLICY_CONSTRAINTS_free(ext_pcons);
+ }
- if (ext_any)
+ if (ext_any) {
ASN1_INTEGER_free(ext_any);
+ }
return 1;
}
void policy_cache_free(X509_POLICY_CACHE *cache) {
- if (!cache)
+ if (!cache) {
return;
- if (cache->anyPolicy)
+ }
+ if (cache->anyPolicy) {
policy_data_free(cache->anyPolicy);
- if (cache->data)
+ }
+ if (cache->data) {
sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+ }
OPENSSL_free(cache);
}
@@ -239,12 +261,14 @@
cache = x->policy_cache;
CRYPTO_STATIC_MUTEX_unlock_read(&g_x509_policy_cache_lock);
- if (cache != NULL)
+ if (cache != NULL) {
return cache;
+ }
CRYPTO_STATIC_MUTEX_lock_write(&g_x509_policy_cache_lock);
- if (x->policy_cache == NULL)
+ if (x->policy_cache == NULL) {
policy_cache_new(x);
+ }
cache = x->policy_cache;
CRYPTO_STATIC_MUTEX_unlock_write(&g_x509_policy_cache_lock);
@@ -258,8 +282,9 @@
tmp.valid_policy = (ASN1_OBJECT *)id;
sk_X509_POLICY_DATA_sort(cache->data);
- if (!sk_X509_POLICY_DATA_find(cache->data, &idx, &tmp))
+ if (!sk_X509_POLICY_DATA_find(cache->data, &idx, &tmp)) {
return NULL;
+ }
return sk_X509_POLICY_DATA_value(cache->data, idx);
}
@@ -269,10 +294,12 @@
}
static int policy_cache_set_int(long *out, ASN1_INTEGER *value) {
- if (value == NULL)
+ if (value == NULL) {
return 1;
- if (value->type == V_ASN1_NEG_INTEGER)
+ }
+ if (value->type == V_ASN1_NEG_INTEGER) {
return 0;
+ }
*out = ASN1_INTEGER_get(value);
return 1;
}
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index a442629..e2df5b2 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -69,8 +69,9 @@
void policy_data_free(X509_POLICY_DATA *data) {
ASN1_OBJECT_free(data->valid_policy);
/* Don't free qualifiers if shared */
- if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
+ if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) {
sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
+ }
sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
OPENSSL_free(data);
}
@@ -87,14 +88,17 @@
int crit) {
X509_POLICY_DATA *ret;
ASN1_OBJECT *id;
- if (!policy && !cid)
+ if (!policy && !cid) {
return NULL;
+ }
if (cid) {
id = OBJ_dup(cid);
- if (!id)
+ if (!id) {
return NULL;
- } else
+ }
+ } else {
id = NULL;
+ }
ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
if (!ret) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
@@ -108,14 +112,15 @@
return NULL;
}
- if (crit)
+ if (crit) {
ret->flags = POLICY_DATA_FLAG_CRITICAL;
- else
+ } else {
ret->flags = 0;
+ }
- if (id)
+ if (id) {
ret->valid_policy = id;
- else {
+ } else {
ret->valid_policy = policy->policyid;
policy->policyid = NULL;
}
@@ -123,8 +128,9 @@
if (policy) {
ret->qualifier_set = policy->qualifiers;
policy->qualifiers = NULL;
- } else
+ } else {
ret->qualifier_set = NULL;
+ }
return ret;
}
diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
index e339bd7f..3775d35 100644
--- a/crypto/x509v3/pcy_lib.c
+++ b/crypto/x509v3/pcy_lib.c
@@ -65,56 +65,66 @@
/* X509_POLICY_TREE stuff */
int X509_policy_tree_level_count(const X509_POLICY_TREE *tree) {
- if (!tree)
+ if (!tree) {
return 0;
+ }
return tree->nlevel;
}
X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
int i) {
- if (!tree || (i < 0) || (i >= tree->nlevel))
+ if (!tree || (i < 0) || (i >= tree->nlevel)) {
return NULL;
+ }
return tree->levels + i;
}
STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(
const X509_POLICY_TREE *tree) {
- if (!tree)
+ if (!tree) {
return NULL;
+ }
return tree->auth_policies;
}
STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(
const X509_POLICY_TREE *tree) {
- if (!tree)
+ if (!tree) {
return NULL;
- if (tree->flags & POLICY_FLAG_ANY_POLICY)
+ }
+ if (tree->flags & POLICY_FLAG_ANY_POLICY) {
return tree->auth_policies;
- else
+ } else {
return tree->user_policies;
+ }
}
/* X509_POLICY_LEVEL stuff */
int X509_policy_level_node_count(X509_POLICY_LEVEL *level) {
int n;
- if (!level)
+ if (!level) {
return 0;
- if (level->anyPolicy)
+ }
+ if (level->anyPolicy) {
n = 1;
- else
+ } else {
n = 0;
- if (level->nodes)
+ }
+ if (level->nodes) {
n += sk_X509_POLICY_NODE_num(level->nodes);
+ }
return n;
}
X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) {
- if (!level)
+ if (!level) {
return NULL;
+ }
if (level->anyPolicy) {
- if (i == 0)
+ if (i == 0) {
return level->anyPolicy;
+ }
i--;
}
return sk_X509_POLICY_NODE_value(level->nodes, i);
@@ -123,21 +133,24 @@
/* X509_POLICY_NODE stuff */
const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) {
- if (!node)
+ if (!node) {
return NULL;
+ }
return node->data->valid_policy;
}
STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(
const X509_POLICY_NODE *node) {
- if (!node)
+ if (!node) {
return NULL;
+ }
return node->data->qualifier_set;
}
const X509_POLICY_NODE *X509_policy_node_get0_parent(
const X509_POLICY_NODE *node) {
- if (!node)
+ if (!node) {
return NULL;
+ }
return node->parent;
}
diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
index 6a411f0..efc3ecd 100644
--- a/crypto/x509v3/pcy_map.c
+++ b/crypto/x509v3/pcy_map.c
@@ -91,16 +91,18 @@
/* Attempt to find matching policy data */
data = policy_cache_find_data(cache, map->issuerDomainPolicy);
/* If we don't have anyPolicy can't map */
- if (!data && !cache->anyPolicy)
+ if (!data && !cache->anyPolicy) {
continue;
+ }
/* Create a NODE from anyPolicy */
if (!data) {
data =
policy_data_new(NULL, map->issuerDomainPolicy,
cache->anyPolicy->flags & POLICY_DATA_FLAG_CRITICAL);
- if (!data)
+ if (!data) {
goto bad_mapping;
+ }
data->qualifier_set = cache->anyPolicy->qualifier_set;
/*
* map->issuerDomainPolicy = NULL;
@@ -111,18 +113,21 @@
policy_data_free(data);
goto bad_mapping;
}
- } else
+ } else {
data->flags |= POLICY_DATA_FLAG_MAPPED;
+ }
if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
- map->subjectDomainPolicy))
+ map->subjectDomainPolicy)) {
goto bad_mapping;
+ }
map->subjectDomainPolicy = NULL;
}
ret = 1;
bad_mapping:
- if (ret == -1)
+ if (ret == -1) {
x->ex_flags |= EXFLAG_INVALID_POLICY;
+ }
sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
return ret;
}
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
index 3da223a..330194f 100644
--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
@@ -81,8 +81,9 @@
l.data = &n;
sk_X509_POLICY_NODE_sort(nodes);
- if (!sk_X509_POLICY_NODE_find(nodes, &idx, &l))
+ if (!sk_X509_POLICY_NODE_find(nodes, &idx, &l)) {
return NULL;
+ }
return sk_X509_POLICY_NODE_value(nodes, idx);
}
@@ -95,8 +96,9 @@
for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
node = sk_X509_POLICY_NODE_value(level->nodes, i);
if (node->parent == parent) {
- if (!OBJ_cmp(node->data->valid_policy, id))
+ if (!OBJ_cmp(node->data->valid_policy, id)) {
return node;
+ }
}
}
return NULL;
@@ -108,37 +110,46 @@
X509_POLICY_TREE *tree) {
X509_POLICY_NODE *node;
node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
- if (!node)
+ if (!node) {
return NULL;
+ }
node->data = data;
node->parent = parent;
node->nchild = 0;
if (level) {
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
- if (level->anyPolicy)
+ if (level->anyPolicy) {
goto node_error;
+ }
level->anyPolicy = node;
} else {
- if (!level->nodes)
+ if (!level->nodes) {
level->nodes = policy_node_cmp_new();
- if (!level->nodes)
+ }
+ if (!level->nodes) {
goto node_error;
- if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+ }
+ if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
goto node_error;
+ }
}
}
if (tree) {
- if (!tree->extra_data)
+ if (!tree->extra_data) {
tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (!tree->extra_data)
+ }
+ if (!tree->extra_data) {
goto node_error;
- if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+ }
+ if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
goto node_error;
+ }
}
- if (parent)
+ if (parent) {
parent->nchild++;
+ }
return node;
@@ -162,15 +173,17 @@
if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) ||
!(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
- if (!OBJ_cmp(x->valid_policy, oid))
+ if (!OBJ_cmp(x->valid_policy, oid)) {
return 1;
+ }
return 0;
}
for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
- if (!OBJ_cmp(policy_oid, oid))
+ if (!OBJ_cmp(policy_oid, oid)) {
return 1;
+ }
}
return 0;
}
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 4d684e2..db7704e 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -83,17 +83,18 @@
static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
X509_POLICY_NODE *node, int indent) {
if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
- !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
+ !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK)) {
BIO_puts(err, " Not Mapped\n");
- else {
+ } else {
int i;
STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
ASN1_OBJECT *oid;
BIO_puts(err, " Expected: ");
for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
oid = sk_ASN1_OBJECT_value(pset, i);
- if (i)
+ if (i) {
BIO_puts(err, ", ");
+ }
i2a_ASN1_OBJECT(err, oid);
}
BIO_puts(err, "\n");
@@ -107,10 +108,11 @@
int i;
BIO *err;
err = BIO_new_fp(stderr, BIO_NOCLOSE);
- if (!curr)
+ if (!curr) {
curr = tree->levels + tree->nlevel;
- else
+ } else {
curr++;
+ }
BIO_printf(err, "Level print after %s\n", str);
BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
for (plev = tree->levels; plev != curr; plev++) {
@@ -122,8 +124,9 @@
expected_print(err, plev, node, 2);
BIO_printf(err, " Flags: %x\n", node->data->flags);
}
- if (plev->anyPolicy)
+ if (plev->anyPolicy) {
X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
+ }
}
BIO_free(err);
@@ -164,24 +167,28 @@
flags |= X509_V_FLAG_INHIBIT_MAP;
#endif
- if (flags & X509_V_FLAG_EXPLICIT_POLICY)
+ if (flags & X509_V_FLAG_EXPLICIT_POLICY) {
explicit_policy = 0;
- else
+ } else {
explicit_policy = n + 1;
+ }
- if (flags & X509_V_FLAG_INHIBIT_ANY)
+ if (flags & X509_V_FLAG_INHIBIT_ANY) {
any_skip = 0;
- else
+ } else {
any_skip = n + 1;
+ }
- if (flags & X509_V_FLAG_INHIBIT_MAP)
+ if (flags & X509_V_FLAG_INHIBIT_MAP) {
map_skip = 0;
- else
+ } else {
map_skip = n + 1;
+ }
/* Can't do anything with just a trust anchor */
- if (n == 1)
+ if (n == 1) {
return 1;
+ }
/*
* First setup policy cache in all certificates apart from the trust
* anchor. Note any bad cache results on the way. Also can calculate
@@ -192,31 +199,37 @@
X509_check_purpose(x, -1, -1);
cache = policy_cache_set(x);
/* If cache NULL something bad happened: return immediately */
- if (cache == NULL)
+ if (cache == NULL) {
return 0;
+ }
/*
* If inconsistent extensions keep a note of it but continue
*/
- if (x->ex_flags & EXFLAG_INVALID_POLICY)
+ if (x->ex_flags & EXFLAG_INVALID_POLICY) {
ret = -1;
+ }
/*
* Otherwise if we have no data (hence no CertificatePolicies) and
* haven't already set an inconsistent code note it.
*/
- else if ((ret == 1) && !cache->data)
+ else if ((ret == 1) && !cache->data) {
ret = 2;
+ }
if (explicit_policy > 0) {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(x->ex_flags & EXFLAG_SI)) {
explicit_policy--;
+ }
if ((cache->explicit_skip != -1) &&
- (cache->explicit_skip < explicit_policy))
+ (cache->explicit_skip < explicit_policy)) {
explicit_policy = cache->explicit_skip;
+ }
}
}
if (ret != 1) {
- if (ret == 2 && !explicit_policy)
+ if (ret == 2 && !explicit_policy) {
return 6;
+ }
return ret;
}
@@ -224,8 +237,9 @@
tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
- if (!tree)
+ if (!tree) {
return 0;
+ }
tree->flags = 0;
tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
@@ -249,8 +263,9 @@
data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
- if (!data || !level_add_node(level, data, NULL, tree))
+ if (!data || !level_add_node(level, data, NULL, tree)) {
goto bad_tree;
+ }
for (i = n - 2; i >= 0; i--) {
level++;
@@ -259,8 +274,9 @@
X509_up_ref(x);
level->cert = x;
- if (!cache->anyPolicy)
+ if (!cache->anyPolicy) {
level->flags |= X509_V_FLAG_INHIBIT_ANY;
+ }
/* Determine inhibit any and inhibit map flags */
if (any_skip == 0) {
@@ -268,31 +284,37 @@
* Any matching allowed if certificate is self issued and not the
* last in the chain.
*/
- if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
+ if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) {
level->flags |= X509_V_FLAG_INHIBIT_ANY;
+ }
} else {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(x->ex_flags & EXFLAG_SI)) {
any_skip--;
- if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
+ }
+ if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) {
any_skip = cache->any_skip;
+ }
}
- if (map_skip == 0)
+ if (map_skip == 0) {
level->flags |= X509_V_FLAG_INHIBIT_MAP;
- else {
- if (!(x->ex_flags & EXFLAG_SI))
+ } else {
+ if (!(x->ex_flags & EXFLAG_SI)) {
map_skip--;
- if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
+ }
+ if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) {
map_skip = cache->map_skip;
+ }
}
}
*ptree = tree;
- if (explicit_policy)
+ if (explicit_policy) {
return 1;
- else
+ } else {
return 5;
+ }
bad_tree:
@@ -311,14 +333,16 @@
for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
node = sk_X509_POLICY_NODE_value(last->nodes, i);
if (policy_node_match(last, node, data->valid_policy)) {
- if (!level_add_node(curr, data, node, NULL))
+ if (!level_add_node(curr, data, node, NULL)) {
return 0;
+ }
matched = 1;
}
}
if (!matched && last->anyPolicy) {
- if (!level_add_node(curr, data, last->anyPolicy, NULL))
+ if (!level_add_node(curr, data, last->anyPolicy, NULL)) {
return 0;
+ }
}
return 1;
}
@@ -349,8 +373,9 @@
continue;
#endif
/* Look for matching nodes in previous level */
- if (!tree_link_matching_nodes(curr, data))
+ if (!tree_link_matching_nodes(curr, data)) {
return 0;
+ }
}
return 1;
}
@@ -365,16 +390,18 @@
const ASN1_OBJECT *id, X509_POLICY_NODE *node,
X509_POLICY_TREE *tree) {
X509_POLICY_DATA *data;
- if (id == NULL)
+ if (id == NULL) {
id = node->data->valid_policy;
+ }
/*
* Create a new node with qualifiers from anyPolicy and id from unmatched
* node.
*/
data = policy_data_new(NULL, id, node_critical(node));
- if (data == NULL)
+ if (data == NULL) {
return 0;
+ }
/* Curr may not have anyPolicy */
data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
@@ -395,23 +422,28 @@
if ((last->flags & X509_V_FLAG_INHIBIT_MAP) ||
!(node->data->flags & POLICY_DATA_FLAG_MAPPED)) {
/* If no policy mapping: matched if one child present */
- if (node->nchild)
+ if (node->nchild) {
return 1;
- if (!tree_add_unmatched(curr, cache, NULL, node, tree))
+ }
+ if (!tree_add_unmatched(curr, cache, NULL, node, tree)) {
return 0;
+ }
/* Add it */
} else {
/* If mapping: matched if one child per expected policy set */
STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set;
- if ((size_t)node->nchild == sk_ASN1_OBJECT_num(expset))
+ if ((size_t)node->nchild == sk_ASN1_OBJECT_num(expset)) {
return 1;
+ }
/* Locate unmatched nodes */
for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) {
ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
- if (level_find_node(curr, node, oid))
+ if (level_find_node(curr, node, oid)) {
continue;
- if (!tree_add_unmatched(curr, cache, oid, node, tree))
+ }
+ if (!tree_add_unmatched(curr, cache, oid, node, tree)) {
return 0;
+ }
}
}
@@ -431,8 +463,9 @@
for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
node = sk_X509_POLICY_NODE_value(last->nodes, i);
- if (!tree_link_unmatched(curr, cache, node, tree))
+ if (!tree_link_unmatched(curr, cache, node, tree)) {
return 0;
+ }
#if 0
@@ -464,8 +497,9 @@
}
/* Finally add link to anyPolicy */
if (last->anyPolicy) {
- if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL))
+ if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) {
return 0;
+ }
}
return 1;
}
@@ -505,15 +539,17 @@
}
}
if (curr->anyPolicy && !curr->anyPolicy->nchild) {
- if (curr->anyPolicy->parent)
+ if (curr->anyPolicy->parent) {
curr->anyPolicy->parent->nchild--;
+ }
OPENSSL_free(curr->anyPolicy);
curr->anyPolicy = NULL;
}
if (curr == tree->levels) {
/* If we zapped anyPolicy at top then tree is empty */
- if (!curr->anyPolicy)
+ if (!curr->anyPolicy) {
return 2;
+ }
return 1;
}
}
@@ -523,15 +559,18 @@
X509_POLICY_NODE *pcy) {
if (!*pnodes) {
*pnodes = policy_node_cmp_new();
- if (!*pnodes)
+ if (!*pnodes) {
return 0;
+ }
} else {
sk_X509_POLICY_NODE_sort(*pnodes);
- if (sk_X509_POLICY_NODE_find(*pnodes, NULL, pcy))
+ if (sk_X509_POLICY_NODE_find(*pnodes, NULL, pcy)) {
return 1;
+ }
}
- if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
+ if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) {
return 0;
+ }
return 1;
}
@@ -556,12 +595,14 @@
/* If last level contains anyPolicy set is anyPolicy */
if (curr->anyPolicy) {
- if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
+ if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) {
return 0;
+ }
addnodes = pnodes;
- } else
+ } else {
/* Add policies to authority set */
addnodes = &tree->auth_policies;
+ }
curr = tree->levels;
for (i = 1; i < tree->nlevel; i++) {
@@ -569,18 +610,21 @@
* If no anyPolicy node on this this level it can't appear on lower
* levels so end search.
*/
- if (!(anyptr = curr->anyPolicy))
+ if (!(anyptr = curr->anyPolicy)) {
break;
+ }
curr++;
for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
node = sk_X509_POLICY_NODE_value(curr->nodes, j);
- if ((node->parent == anyptr) && !tree_add_auth_node(addnodes, node))
+ if ((node->parent == anyptr) && !tree_add_auth_node(addnodes, node)) {
return 0;
+ }
}
}
- if (addnodes == pnodes)
+ if (addnodes == pnodes) {
return 2;
+ }
*pnodes = tree->auth_policies;
@@ -602,8 +646,9 @@
* will happen if it is a leaf node.
*/
- if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
+ if (sk_ASN1_OBJECT_num(policy_oids) <= 0) {
return 1;
+ }
anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
@@ -619,15 +664,17 @@
oid = sk_ASN1_OBJECT_value(policy_oids, i);
node = tree_find_sk(auth_nodes, oid);
if (!node) {
- if (!anyPolicy)
+ if (!anyPolicy) {
continue;
+ }
/*
* Create a new node with policy ID from user set and qualifiers
* from anyPolicy.
*/
extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
- if (!extra)
+ if (!extra) {
return 0;
+ }
extra->qualifier_set = anyPolicy->data->qualifier_set;
extra->flags =
POLICY_DATA_FLAG_SHARED_QUALIFIERS | POLICY_DATA_FLAG_EXTRA_NODE;
@@ -635,11 +682,13 @@
}
if (!tree->user_policies) {
tree->user_policies = sk_X509_POLICY_NODE_new_null();
- if (!tree->user_policies)
+ if (!tree->user_policies) {
return 1;
+ }
}
- if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+ if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) {
return 0;
+ }
}
return 1;
}
@@ -651,47 +700,56 @@
for (i = 1; i < tree->nlevel; i++, curr++) {
cache = policy_cache_set(curr->cert);
- if (!tree_link_nodes(curr, cache))
+ if (!tree_link_nodes(curr, cache)) {
return 0;
+ }
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
- !tree_link_any(curr, cache, tree))
+ !tree_link_any(curr, cache, tree)) {
return 0;
+ }
tree_print("before tree_prune()", tree, curr);
ret = tree_prune(tree, curr);
- if (ret != 1)
+ if (ret != 1) {
return ret;
+ }
}
return 1;
}
static void exnode_free(X509_POLICY_NODE *node) {
- if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
+ if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) {
OPENSSL_free(node);
+ }
}
void X509_policy_tree_free(X509_POLICY_TREE *tree) {
X509_POLICY_LEVEL *curr;
int i;
- if (!tree)
+ if (!tree) {
return;
+ }
sk_X509_POLICY_NODE_free(tree->auth_policies);
sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
- if (curr->cert)
+ if (curr->cert) {
X509_free(curr->cert);
- if (curr->nodes)
+ }
+ if (curr->nodes) {
sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
- if (curr->anyPolicy)
+ }
+ if (curr->anyPolicy) {
policy_node_free(curr->anyPolicy);
+ }
}
- if (tree->extra_data)
+ if (tree->extra_data) {
sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
+ }
OPENSSL_free(tree->levels);
OPENSSL_free(tree);
@@ -745,7 +803,7 @@
/* Tree OK: continue */
case 1:
- if (!tree)
+ if (!tree) {
/*
* tree_init() returns success and a null tree
* if it's just looking at a trust anchor.
@@ -755,50 +813,59 @@
* interprets as a malloc failure is wrong.
*/
return 1;
+ }
break;
}
- if (!tree)
+ if (!tree) {
goto error;
+ }
ret = tree_evaluate(tree);
tree_print("tree_evaluate()", tree, NULL);
- if (ret <= 0)
+ if (ret <= 0) {
goto error;
+ }
/* Return value 2 means tree empty */
if (ret == 2) {
X509_policy_tree_free(tree);
- if (*pexplicit_policy)
+ if (*pexplicit_policy) {
return -2;
- else
+ } else {
return 1;
+ }
}
/* Tree is not empty: continue */
calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
- if (!calc_ret)
+ if (!calc_ret) {
goto error;
+ }
ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
- if (calc_ret == 2)
+ if (calc_ret == 2) {
sk_X509_POLICY_NODE_free(auth_nodes);
+ }
- if (!ret)
+ if (!ret) {
goto error;
+ }
- if (tree)
+ if (tree) {
*ptree = tree;
+ }
if (*pexplicit_policy) {
nodes = X509_policy_tree_get0_user_policies(tree);
- if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+ if (sk_X509_POLICY_NODE_num(nodes) <= 0) {
return -2;
+ }
}
return 1;
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index ec39b57..e893561 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -153,12 +153,14 @@
cnf = sk_CONF_VALUE_value(values, i);
if (!strcmp(cnf->name, "keyid")) {
keyid = 1;
- if (cnf->value && !strcmp(cnf->value, "always"))
+ if (cnf->value && !strcmp(cnf->value, "always")) {
keyid = 2;
+ }
} else if (!strcmp(cnf->name, "issuer")) {
issuer = 1;
- if (cnf->value && !strcmp(cnf->value, "always"))
+ if (cnf->value && !strcmp(cnf->value, "always")) {
issuer = 2;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_OPTION);
ERR_add_error_data(2, "name=", cnf->name);
@@ -167,8 +169,9 @@
}
if (!ctx || !ctx->issuer_cert) {
- if (ctx && (ctx->flags == CTX_TEST))
+ if (ctx && (ctx->flags == CTX_TEST)) {
return AUTHORITY_KEYID_new();
+ }
OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_CERTIFICATE);
return NULL;
}
@@ -177,8 +180,9 @@
if (keyid) {
j = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
- if ((j >= 0) && (ext = X509_get_ext(cert, j)))
+ if ((j >= 0) && (ext = X509_get_ext(cert, j))) {
ikeyid = X509V3_EXT_d2i(ext);
+ }
if (keyid == 2 && !ikeyid) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
return NULL;
@@ -194,8 +198,9 @@
}
}
- if (!(akeyid = AUTHORITY_KEYID_new()))
+ if (!(akeyid = AUTHORITY_KEYID_new())) {
goto err;
+ }
if (isname) {
if (!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) ||
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 93427ab..3f47901 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -108,8 +108,9 @@
}
ret = tmp;
}
- if (!ret)
+ if (!ret) {
return sk_CONF_VALUE_new_null();
+ }
return ret;
}
@@ -124,69 +125,80 @@
int i;
switch (gen->type) {
case GEN_OTHERNAME:
- if (!X509V3_add_value("othername", "<unsupported>", &ret))
+ if (!X509V3_add_value("othername", "<unsupported>", &ret)) {
return NULL;
+ }
break;
case GEN_X400:
- if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
+ if (!X509V3_add_value("X400Name", "<unsupported>", &ret)) {
return NULL;
+ }
break;
case GEN_EDIPARTY:
- if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
+ if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret)) {
return NULL;
+ }
break;
case GEN_EMAIL:
- if (!x509V3_add_value_asn1_string("email", gen->d.ia5, &ret))
+ if (!x509V3_add_value_asn1_string("email", gen->d.ia5, &ret)) {
return NULL;
+ }
break;
case GEN_DNS:
- if (!x509V3_add_value_asn1_string("DNS", gen->d.ia5, &ret))
+ if (!x509V3_add_value_asn1_string("DNS", gen->d.ia5, &ret)) {
return NULL;
+ }
break;
case GEN_URI:
- if (!x509V3_add_value_asn1_string("URI", gen->d.ia5, &ret))
+ if (!x509V3_add_value_asn1_string("URI", gen->d.ia5, &ret)) {
return NULL;
+ }
break;
case GEN_DIRNAME:
if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL ||
- !X509V3_add_value("DirName", oline, &ret))
+ !X509V3_add_value("DirName", oline, &ret)) {
return NULL;
+ }
break;
case GEN_IPADD:
p = gen->d.ip->data;
- if (gen->d.ip->length == 4)
+ if (gen->d.ip->length == 4) {
BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2],
p[3]);
- else if (gen->d.ip->length == 16) {
+ } else if (gen->d.ip->length == 16) {
oline[0] = 0;
for (i = 0; i < 8; i++) {
uint16_t v = ((uint16_t)p[0] << 8) | p[1];
BIO_snprintf(htmp, sizeof(htmp), "%X", v);
p += 2;
OPENSSL_strlcat(oline, htmp, sizeof(oline));
- if (i != 7)
+ if (i != 7) {
OPENSSL_strlcat(oline, ":", sizeof(oline));
+ }
}
} else {
- if (!X509V3_add_value("IP Address", "<invalid>", &ret))
+ if (!X509V3_add_value("IP Address", "<invalid>", &ret)) {
return NULL;
+ }
break;
}
- if (!X509V3_add_value("IP Address", oline, &ret))
+ if (!X509V3_add_value("IP Address", oline, &ret)) {
return NULL;
+ }
break;
case GEN_RID:
i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
- if (!X509V3_add_value("Registered ID", oline, &ret))
+ if (!X509V3_add_value("Registered ID", oline, &ret)) {
return NULL;
+ }
break;
}
return ret;
@@ -231,9 +243,9 @@
case GEN_IPADD:
p = gen->d.ip->data;
- if (gen->d.ip->length == 4)
+ if (gen->d.ip->length == 4) {
BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
- else if (gen->d.ip->length == 16) {
+ } else if (gen->d.ip->length == 16) {
BIO_printf(out, "IP Address");
for (i = 0; i < 8; i++) {
uint16_t v = ((uint16_t)p[0] << 8) | p[1];
@@ -268,12 +280,14 @@
cnf = sk_CONF_VALUE_value(nval, i);
if (!x509v3_name_cmp(cnf->name, "issuer") && cnf->value &&
!strcmp(cnf->value, "copy")) {
- if (!copy_issuer(ctx, gens))
+ if (!copy_issuer(ctx, gens)) {
goto err;
+ }
} else {
GENERAL_NAME *gen;
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
goto err;
+ }
sk_GENERAL_NAME_push(gens, gen);
}
}
@@ -286,15 +300,17 @@
/* Append subject altname of issuer to issuer alt name of subject */
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) {
- if (ctx && (ctx->flags == CTX_TEST))
+ if (ctx && (ctx->flags == CTX_TEST)) {
return 1;
+ }
if (!ctx || !ctx->issuer_cert) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_DETAILS);
return 0;
}
int i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
- if (i < 0)
+ if (i < 0) {
return 1;
+ }
int ret = 0;
GENERAL_NAMES *ialt = NULL;
@@ -335,16 +351,19 @@
cnf = sk_CONF_VALUE_value(nval, i);
if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "copy")) {
- if (!copy_email(ctx, gens, 0))
+ if (!copy_email(ctx, gens, 0)) {
goto err;
+ }
} else if (!x509v3_name_cmp(cnf->name, "email") && cnf->value &&
!strcmp(cnf->value, "move")) {
- if (!copy_email(ctx, gens, 1))
+ if (!copy_email(ctx, gens, 1)) {
goto err;
+ }
} else {
GENERAL_NAME *gen;
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
goto err;
+ }
sk_GENERAL_NAME_push(gens, gen);
}
}
@@ -364,17 +383,19 @@
X509_NAME_ENTRY *ne;
GENERAL_NAME *gen = NULL;
int i;
- if (ctx != NULL && ctx->flags == CTX_TEST)
+ if (ctx != NULL && ctx->flags == CTX_TEST) {
return 1;
+ }
if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_SUBJECT_DETAILS);
goto err;
}
/* Find the subject name */
- if (ctx->subject_cert)
+ if (ctx->subject_cert) {
nm = X509_get_subject_name(ctx->subject_cert);
- else
+ } else {
nm = X509_REQ_get_subject_name(ctx->subject_req);
+ }
/* Now add any email address(es) to STACK */
i = -1;
@@ -420,8 +441,9 @@
}
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
goto err;
+ }
sk_GENERAL_NAME_push(gens, gen);
}
return gens;
@@ -446,9 +468,9 @@
return NULL;
}
- if (out)
+ if (out) {
gen = out;
- else {
+ } else {
gen = GENERAL_NAME_new();
if (gen == NULL) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
@@ -474,10 +496,11 @@
} break;
case GEN_IPADD:
- if (is_nc)
+ if (is_nc) {
gen->d.ip = a2i_IPADDRESS_NC(value);
- else
+ } else {
gen->d.ip = a2i_IPADDRESS(value);
+ }
if (gen->d.ip == NULL) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_IP_ADDRESS);
ERR_add_error_data(2, "value=", value);
@@ -516,8 +539,9 @@
return gen;
err:
- if (!out)
+ if (!out) {
GENERAL_NAME_free(gen);
+ }
return NULL;
}
@@ -536,21 +560,21 @@
return NULL;
}
- if (!x509v3_name_cmp(name, "email"))
+ if (!x509v3_name_cmp(name, "email")) {
type = GEN_EMAIL;
- else if (!x509v3_name_cmp(name, "URI"))
+ } else if (!x509v3_name_cmp(name, "URI")) {
type = GEN_URI;
- else if (!x509v3_name_cmp(name, "DNS"))
+ } else if (!x509v3_name_cmp(name, "DNS")) {
type = GEN_DNS;
- else if (!x509v3_name_cmp(name, "RID"))
+ } else if (!x509v3_name_cmp(name, "RID")) {
type = GEN_RID;
- else if (!x509v3_name_cmp(name, "IP"))
+ } else if (!x509v3_name_cmp(name, "IP")) {
type = GEN_IPADD;
- else if (!x509v3_name_cmp(name, "dirName"))
+ } else if (!x509v3_name_cmp(name, "dirName")) {
type = GEN_DIRNAME;
- else if (!x509v3_name_cmp(name, "otherName"))
+ } else if (!x509v3_name_cmp(name, "otherName")) {
type = GEN_OTHERNAME;
- else {
+ } else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);
ERR_add_error_data(2, "name=", name);
return NULL;
@@ -563,26 +587,31 @@
char *objtmp = NULL;
const char *p;
int objlen;
- if (!(p = strchr(value, ';')))
+ if (!(p = strchr(value, ';'))) {
return 0;
- if (!(gen->d.otherName = OTHERNAME_new()))
+ }
+ if (!(gen->d.otherName = OTHERNAME_new())) {
return 0;
+ }
/*
* Free this up because we will overwrite it. no need to free type_id
* because it is static
*/
ASN1_TYPE_free(gen->d.otherName->value);
- if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
+ if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) {
return 0;
+ }
objlen = p - value;
objtmp = OPENSSL_malloc(objlen + 1);
- if (objtmp == NULL)
+ if (objtmp == NULL) {
return 0;
+ }
OPENSSL_strlcpy(objtmp, value, objlen + 1);
gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
OPENSSL_free(objtmp);
- if (!gen->d.otherName->type_id)
+ if (!gen->d.otherName->type_id) {
return 0;
+ }
return 1;
}
@@ -590,8 +619,9 @@
int ret = 0;
STACK_OF(CONF_VALUE) *sk = NULL;
X509_NAME *nm = X509_NAME_new();
- if (nm == NULL)
+ if (nm == NULL) {
goto err;
+ }
sk = X509V3_get_section(ctx, value);
if (sk == NULL) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
@@ -599,14 +629,16 @@
goto err;
}
/* FIXME: should allow other character types... */
- if (!X509V3_NAME_from_section(nm, sk, MBSTRING_ASC))
+ if (!X509V3_NAME_from_section(nm, sk, MBSTRING_ASC)) {
goto err;
+ }
gen->d.dirn = nm;
ret = 1;
err:
- if (!ret)
+ if (!ret) {
X509_NAME_free(nm);
+ }
X509V3_section_free(ctx, sk);
return ret;
}
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
index 0458a23..db55f06 100644
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@@ -116,11 +116,13 @@
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
val = sk_CONF_VALUE_value(values, i);
if (!strcmp(val->name, "CA")) {
- if (!X509V3_get_value_bool(val, &bcons->ca))
+ if (!X509V3_get_value_bool(val, &bcons->ca)) {
goto err;
+ }
} else if (!strcmp(val->name, "pathlen")) {
- if (!X509V3_get_value_int(val, &bcons->pathlen))
+ if (!X509V3_get_value_int(val, &bcons->pathlen)) {
goto err;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME);
X509V3_conf_err(val);
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index 2579d3a..9562826 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -94,8 +94,9 @@
const ASN1_BIT_STRING *bits = ext;
const BIT_STRING_BITNAME *bnam;
for (bnam = method->usr_data; bnam->lname; bnam++) {
- if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+ if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) {
X509V3_add_value(bnam->lname, NULL, &ret);
+ }
}
return ret;
}
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 92d1240..1c10158 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -92,8 +92,9 @@
int ext_type;
X509_EXTENSION *ret;
crit = v3_check_critical(&value);
- if ((ext_type = v3_check_generic(&value)))
+ if ((ext_type = v3_check_generic(&value))) {
return v3_generic_extension(name, value, crit, ext_type, ctx);
+ }
ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
if (!ret) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_IN_EXTENSION);
@@ -109,9 +110,10 @@
int crit;
int ext_type;
crit = v3_check_critical(&value);
- if ((ext_type = v3_check_generic(&value)))
+ if ((ext_type = v3_check_generic(&value))) {
return v3_generic_extension(OBJ_nid2sn(ext_nid), value, crit, ext_type,
ctx);
+ }
return do_ext_nconf(conf, ctx, ext_nid, crit, value);
}
@@ -133,32 +135,38 @@
}
/* Now get internal extension representation based on type */
if (method->v2i) {
- if (*value == '@')
+ if (*value == '@') {
nval = NCONF_get_section(conf, value + 1);
- else
+ } else {
nval = X509V3_parse_list(value);
+ }
if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
- if (*value != '@')
+ if (*value != '@') {
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+ }
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
- if (*value != '@')
+ if (*value != '@') {
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
- if (!ext_struc)
+ }
+ if (!ext_struc) {
return NULL;
+ }
} else if (method->s2i) {
- if (!(ext_struc = method->s2i(method, ctx, value)))
+ if (!(ext_struc = method->s2i(method, ctx, value))) {
return NULL;
+ }
} else if (method->r2i) {
if (!ctx->db || !ctx->db_meth) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_CONFIG_DATABASE);
return NULL;
}
- if (!(ext_struc = method->r2i(method, ctx, value)))
+ if (!(ext_struc = method->r2i(method, ctx, value))) {
return NULL;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
@@ -166,10 +174,11 @@
}
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
- if (method->it)
+ if (method->it) {
ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
- else
+ } else {
method->ext_free(ext_struc);
+ }
return ext;
}
@@ -183,24 +192,28 @@
if (method->it) {
ext_der = NULL;
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
- if (ext_len < 0)
+ if (ext_len < 0) {
goto merr;
+ }
} else {
unsigned char *p;
ext_len = method->i2d(ext_struc, NULL);
- if (!(ext_der = OPENSSL_malloc(ext_len)))
+ if (!(ext_der = OPENSSL_malloc(ext_len))) {
goto merr;
+ }
p = ext_der;
method->i2d(ext_struc, &p);
}
- if (!(ext_oct = ASN1_OCTET_STRING_new()))
+ if (!(ext_oct = ASN1_OCTET_STRING_new())) {
goto merr;
+ }
ext_oct->data = ext_der;
ext_oct->length = ext_len;
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
- if (!ext)
+ if (!ext) {
goto merr;
+ }
ASN1_OCTET_STRING_free(ext_oct);
return ext;
@@ -224,11 +237,13 @@
/* Check the extension string for critical flag */
static int v3_check_critical(const char **value) {
const char *p = *value;
- if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+ if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) {
return 0;
+ }
p += 9;
- while (isspace((unsigned char)*p))
+ while (isspace((unsigned char)*p)) {
p++;
+ }
*value = p;
return 1;
}
@@ -243,11 +258,13 @@
} else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
p += 5;
gen_type = 2;
- } else
+ } else {
return 0;
+ }
- while (isspace((unsigned char)*p))
+ while (isspace((unsigned char)*p)) {
p++;
+ }
*value = p;
return gen_type;
}
@@ -267,10 +284,11 @@
goto err;
}
- if (gen_type == 1)
+ if (gen_type == 1) {
ext_der = x509v3_hex_to_bytes(value, &ext_len);
- else if (gen_type == 2)
+ } else if (gen_type == 2) {
ext_der = generic_asn1(value, ctx, &ext_len);
+ }
if (ext_der == NULL) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_VALUE_ERROR);
@@ -292,8 +310,9 @@
err:
ASN1_OBJECT_free(obj);
ASN1_OCTET_STRING_free(oct);
- if (ext_der)
+ if (ext_der) {
OPENSSL_free(ext_der);
+ }
return extension;
}
@@ -302,8 +321,9 @@
ASN1_TYPE *typ;
unsigned char *ext_der = NULL;
typ = ASN1_generate_v3(value, ctx);
- if (typ == NULL)
+ if (typ == NULL) {
return NULL;
+ }
*ext_len = i2d_ASN1_TYPE(typ, &ext_der);
ASN1_TYPE_free(typ);
return ext_der;
@@ -320,14 +340,17 @@
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
size_t i;
- if (!(nval = NCONF_get_section(conf, section)))
+ if (!(nval = NCONF_get_section(conf, section))) {
return 0;
+ }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
- if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) {
return 0;
- if (sk)
+ }
+ if (sk) {
X509v3_add_ext(sk, ext, -1);
+ }
X509_EXTENSION_free(ext);
}
return 1;
@@ -340,8 +363,9 @@
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509 *cert) {
STACK_OF(X509_EXTENSION) **sk = NULL;
- if (cert)
+ if (cert) {
sk = &cert->cert_info->extensions;
+ }
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
@@ -350,8 +374,9 @@
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_CRL *crl) {
STACK_OF(X509_EXTENSION) **sk = NULL;
- if (crl)
+ if (crl) {
sk = &crl->crl->extensions;
+ }
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
@@ -361,11 +386,13 @@
X509_REQ *req) {
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
int i;
- if (req)
+ if (req) {
sk = &extlist;
+ }
i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
- if (!i || !sk)
+ if (!i || !sk) {
return i;
+ }
i = X509_REQ_add_extensions(req, extlist);
sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
return i;
@@ -379,8 +406,9 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);
return NULL;
}
- if (ctx->db_meth->get_string)
+ if (ctx->db_meth->get_string) {
return ctx->db_meth->get_string(ctx->db, name, section);
+ }
return NULL;
}
@@ -389,23 +417,28 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);
return NULL;
}
- if (ctx->db_meth->get_section)
+ if (ctx->db_meth->get_section) {
return ctx->db_meth->get_section(ctx->db, section);
+ }
return NULL;
}
void X509V3_string_free(X509V3_CTX *ctx, char *str) {
- if (!str)
+ if (!str) {
return;
- if (ctx->db_meth->free_string)
+ }
+ if (ctx->db_meth->free_string) {
ctx->db_meth->free_string(ctx->db, str);
+ }
}
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) {
- if (!section)
+ if (!section) {
return;
- if (ctx->db_meth->free_section)
+ }
+ if (ctx->db_meth->free_section) {
ctx->db_meth->free_section(ctx->db, section);
+ }
}
static char *nconf_get_string(void *db, const char *section,
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index ecfef44..d2a6747 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -190,8 +190,9 @@
}
pol = policy_section(ctx, polsect, ia5org);
X509V3_section_free(ctx, polsect);
- if (!pol)
+ if (!pol) {
goto err;
+ }
} else {
if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER);
@@ -226,8 +227,9 @@
CONF_VALUE *cnf;
POLICYINFO *pol;
POLICYQUALINFO *qual;
- if (!(pol = POLICYINFO_new()))
+ if (!(pol = POLICYINFO_new())) {
goto merr;
+ }
for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
cnf = sk_CONF_VALUE_value(polstrs, i);
if (!strcmp(cnf->name, "policyIdentifier")) {
@@ -240,12 +242,15 @@
pol->policyid = pobj;
} else if (!x509v3_name_cmp(cnf->name, "CPS")) {
- if (!pol->qualifiers)
+ if (!pol->qualifiers) {
pol->qualifiers = sk_POLICYQUALINFO_new_null();
- if (!(qual = POLICYQUALINFO_new()))
+ }
+ if (!(qual = POLICYQUALINFO_new())) {
goto merr;
- if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+ }
+ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
goto merr;
+ }
qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
if (qual->pqualid == NULL) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_INTERNAL_ERROR);
@@ -255,8 +260,9 @@
if (qual->d.cpsuri == NULL) {
goto err;
}
- if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value)))
+ if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) {
goto merr;
+ }
} else if (!x509v3_name_cmp(cnf->name, "userNotice")) {
STACK_OF(CONF_VALUE) *unot;
if (*cnf->value != '@') {
@@ -273,12 +279,15 @@
}
qual = notice_section(ctx, unot, ia5org);
X509V3_section_free(ctx, unot);
- if (!qual)
+ if (!qual) {
goto err;
- if (!pol->qualifiers)
+ }
+ if (!pol->qualifiers) {
pol->qualifiers = sk_POLICYQUALINFO_new_null();
- if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+ }
+ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
goto merr;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OPTION);
@@ -308,47 +317,58 @@
CONF_VALUE *cnf;
USERNOTICE * not ;
POLICYQUALINFO *qual;
- if (!(qual = POLICYQUALINFO_new()))
+ if (!(qual = POLICYQUALINFO_new())) {
goto merr;
+ }
qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
if (qual->pqualid == NULL) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (!(not = USERNOTICE_new()))
+ if (!(not = USERNOTICE_new())) {
goto merr;
+ }
qual->d.usernotice = not ;
for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
cnf = sk_CONF_VALUE_value(unot, i);
if (!strcmp(cnf->name, "explicitText")) {
not ->exptext = ASN1_VISIBLESTRING_new();
- if (not ->exptext == NULL)
+ if (not ->exptext == NULL) {
goto merr;
- if (!ASN1_STRING_set(not ->exptext, cnf->value, strlen(cnf->value)))
+ }
+ if (!ASN1_STRING_set(not ->exptext, cnf->value, strlen(cnf->value))) {
goto merr;
+ }
} else if (!strcmp(cnf->name, "organization")) {
NOTICEREF *nref;
if (!not ->noticeref) {
- if (!(nref = NOTICEREF_new()))
+ if (!(nref = NOTICEREF_new())) {
goto merr;
+ }
not ->noticeref = nref;
- } else
+ } else {
nref = not ->noticeref;
- if (ia5org)
+ }
+ if (ia5org) {
nref->organization->type = V_ASN1_IA5STRING;
- else
+ } else {
nref->organization->type = V_ASN1_VISIBLESTRING;
- if (!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value)))
+ }
+ if (!ASN1_STRING_set(nref->organization, cnf->value,
+ strlen(cnf->value))) {
goto merr;
+ }
} else if (!strcmp(cnf->name, "noticeNumbers")) {
NOTICEREF *nref;
STACK_OF(CONF_VALUE) *nos;
if (!not ->noticeref) {
- if (!(nref = NOTICEREF_new()))
+ if (!(nref = NOTICEREF_new())) {
goto merr;
+ }
not ->noticeref = nref;
- } else
+ } else {
nref = not ->noticeref;
+ }
nos = X509V3_parse_list(cnf->value);
if (!nos || !sk_CONF_VALUE_num(nos)) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NUMBERS);
@@ -357,8 +377,9 @@
}
ret = nref_nos(nref->noticenos, nos);
sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
- if (!ret)
+ if (!ret) {
goto err;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OPTION);
X509V3_conf_err(cnf);
@@ -394,8 +415,9 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NUMBER);
goto err;
}
- if (!sk_ASN1_INTEGER_push(nnums, aint))
+ if (!sk_ASN1_INTEGER_push(nnums, aint)) {
goto merr;
+ }
}
return 1;
@@ -416,8 +438,9 @@
BIO_printf(out, "%*sPolicy: ", indent, "");
i2a_ASN1_OBJECT(out, pinfo->policyid);
BIO_puts(out, "\n");
- if (pinfo->qualifiers)
+ if (pinfo->qualifiers) {
print_qualifiers(out, pinfo->qualifiers, indent + 2);
+ }
}
return 1;
}
@@ -459,23 +482,26 @@
ASN1_INTEGER *num;
char *tmp;
num = sk_ASN1_INTEGER_value(ref->noticenos, i);
- if (i)
+ if (i) {
BIO_puts(out, ", ");
- if (num == NULL)
+ }
+ if (num == NULL) {
BIO_puts(out, "(null)");
- else {
+ } else {
tmp = i2s_ASN1_INTEGER(NULL, num);
- if (tmp == NULL)
+ if (tmp == NULL) {
return;
+ }
BIO_puts(out, tmp);
OPENSSL_free(tmp);
}
}
BIO_puts(out, "\n");
}
- if (notice->exptext)
+ if (notice->exptext) {
BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
notice->exptext->length, notice->exptext->data);
+ }
}
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) {
@@ -487,8 +513,9 @@
BIO_puts(out, "\n");
BIO_printf(out, "%*s%s\n", indent + 2, "",
node_data_critical(dat) ? "Critical" : "Non Critical");
- if (dat->qualifier_set)
+ if (dat->qualifier_set) {
print_qualifiers(out, dat->qualifier_set, indent + 2);
- else
+ } else {
BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
+ }
}
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index 14278a0..a7b9ff3 100644
--- a/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
@@ -113,19 +113,21 @@
char *sect) {
STACK_OF(CONF_VALUE) *gnsect;
STACK_OF(GENERAL_NAME) *gens;
- if (*sect == '@')
+ if (*sect == '@') {
gnsect = X509V3_get_section(ctx, sect + 1);
- else
+ } else {
gnsect = X509V3_parse_list(sect);
+ }
if (!gnsect) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
return NULL;
}
gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
- if (*sect == '@')
+ if (*sect == '@') {
X509V3_section_free(ctx, gnsect);
- else
+ } else {
sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
+ }
return gens;
}
@@ -135,15 +137,17 @@
STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
if (!strncmp(cnf->name, "fullname", 9)) {
fnm = gnames_from_sectname(ctx, cnf->value);
- if (!fnm)
+ if (!fnm) {
goto err;
+ }
} else if (!strcmp(cnf->name, "relativename")) {
int ret;
STACK_OF(CONF_VALUE) *dnsect;
X509_NAME *nm;
nm = X509_NAME_new();
- if (!nm)
+ if (!nm) {
return -1;
+ }
dnsect = X509V3_get_section(ctx, cnf->value);
if (!dnsect) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
@@ -154,8 +158,9 @@
rnm = nm->entries;
nm->entries = NULL;
X509_NAME_free(nm);
- if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
+ if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0) {
goto err;
+ }
/*
* Since its a name fragment can't have more than one RDNSequence
*/
@@ -163,8 +168,9 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_MULTIPLE_RDNS);
goto err;
}
- } else
+ } else {
return 0;
+ }
if (*pdp) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_DISTPOINT_ALREADY_SET);
@@ -172,8 +178,9 @@
}
*pdp = DIST_POINT_NAME_new();
- if (!*pdp)
+ if (!*pdp) {
goto err;
+ }
if (fnm) {
(*pdp)->type = 0;
(*pdp)->name.fullname = fnm;
@@ -185,10 +192,12 @@
return 1;
err:
- if (fnm)
+ if (fnm) {
sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
- if (rnm)
+ }
+ if (rnm) {
sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+ }
return -1;
}
@@ -211,26 +220,31 @@
size_t i;
int ret = 0;
rsk = X509V3_parse_list(value);
- if (!rsk)
+ if (!rsk) {
return 0;
- if (*preas)
+ }
+ if (*preas) {
return 0;
+ }
for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
bnam = sk_CONF_VALUE_value(rsk, i)->name;
if (!*preas) {
*preas = ASN1_BIT_STRING_new();
- if (!*preas)
+ if (!*preas) {
goto err;
+ }
}
for (pbn = reason_flags; pbn->lname; pbn++) {
if (!strcmp(pbn->sname, bnam)) {
- if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1))
+ if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) {
goto err;
+ }
break;
}
}
- if (!pbn->lname)
+ if (!pbn->lname) {
goto err;
+ }
}
ret = 1;
@@ -246,17 +260,19 @@
BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
for (pbn = reason_flags; pbn->lname; pbn++) {
if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
- if (first)
+ if (first) {
first = 0;
- else
+ } else {
BIO_puts(out, ", ");
+ }
BIO_puts(out, pbn->lname);
}
}
- if (first)
+ if (first) {
BIO_puts(out, "<EMPTY>\n");
- else
+ } else {
BIO_puts(out, "\n");
+ }
return 1;
}
@@ -266,31 +282,37 @@
CONF_VALUE *cnf;
DIST_POINT *point = NULL;
point = DIST_POINT_new();
- if (!point)
+ if (!point) {
goto err;
+ }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
int ret;
cnf = sk_CONF_VALUE_value(nval, i);
ret = set_dist_point_name(&point->distpoint, ctx, cnf);
- if (ret > 0)
+ if (ret > 0) {
continue;
- if (ret < 0)
+ }
+ if (ret < 0) {
goto err;
+ }
if (!strcmp(cnf->name, "reasons")) {
- if (!set_reasons(&point->reasons, cnf->value))
+ if (!set_reasons(&point->reasons, cnf->value)) {
goto err;
+ }
} else if (!strcmp(cnf->name, "CRLissuer")) {
point->CRLissuer = gnames_from_sectname(ctx, cnf->value);
- if (!point->CRLissuer)
+ if (!point->CRLissuer) {
goto err;
+ }
}
}
return point;
err:
- if (point)
+ if (point) {
DIST_POINT_free(point);
+ }
return NULL;
}
@@ -301,40 +323,48 @@
GENERAL_NAME *gen = NULL;
CONF_VALUE *cnf;
size_t i;
- if (!(crld = sk_DIST_POINT_new_null()))
+ if (!(crld = sk_DIST_POINT_new_null())) {
goto merr;
+ }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
DIST_POINT *point;
cnf = sk_CONF_VALUE_value(nval, i);
if (!cnf->value) {
STACK_OF(CONF_VALUE) *dpsect;
dpsect = X509V3_get_section(ctx, cnf->name);
- if (!dpsect)
+ if (!dpsect) {
goto err;
+ }
point = crldp_from_section(ctx, dpsect);
X509V3_section_free(ctx, dpsect);
- if (!point)
+ if (!point) {
goto err;
+ }
if (!sk_DIST_POINT_push(crld, point)) {
DIST_POINT_free(point);
goto merr;
}
} else {
- if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
goto err;
- if (!(gens = GENERAL_NAMES_new()))
+ }
+ if (!(gens = GENERAL_NAMES_new())) {
goto merr;
- if (!sk_GENERAL_NAME_push(gens, gen))
+ }
+ if (!sk_GENERAL_NAME_push(gens, gen)) {
goto merr;
+ }
gen = NULL;
- if (!(point = DIST_POINT_new()))
+ if (!(point = DIST_POINT_new())) {
goto merr;
+ }
if (!sk_DIST_POINT_push(crld, point)) {
DIST_POINT_free(point);
goto merr;
}
- if (!(point->distpoint = DIST_POINT_NAME_new()))
+ if (!(point->distpoint = DIST_POINT_NAME_new())) {
goto merr;
+ }
point->distpoint->name.fullname = gens;
point->distpoint->type = 0;
gens = NULL;
@@ -361,8 +391,9 @@
break;
case ASN1_OP_FREE_POST:
- if (dpn->dpname)
+ if (dpn->dpname) {
X509_NAME_free(dpn->dpname);
+ }
break;
}
return 1;
@@ -433,32 +464,40 @@
size_t i;
int ret;
idp = ISSUING_DIST_POINT_new();
- if (!idp)
+ if (!idp) {
goto merr;
+ }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
cnf = sk_CONF_VALUE_value(nval, i);
name = cnf->name;
val = cnf->value;
ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
- if (ret > 0)
+ if (ret > 0) {
continue;
- if (ret < 0)
+ }
+ if (ret < 0) {
goto err;
+ }
if (!strcmp(name, "onlyuser")) {
- if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+ if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) {
goto err;
+ }
} else if (!strcmp(name, "onlyCA")) {
- if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+ if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) {
goto err;
+ }
} else if (!strcmp(name, "onlyAA")) {
- if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+ if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) {
goto err;
+ }
} else if (!strcmp(name, "indirectCRL")) {
- if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+ if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) {
goto err;
+ }
} else if (!strcmp(name, "onlysomereasons")) {
- if (!set_reasons(&idp->onlysomereasons, val))
+ if (!set_reasons(&idp->onlysomereasons, val)) {
goto err;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME);
X509V3_conf_err(cnf);
@@ -501,21 +540,29 @@
static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
int indent) {
ISSUING_DIST_POINT *idp = pidp;
- if (idp->distpoint)
+ if (idp->distpoint) {
print_distpoint(out, idp->distpoint, indent);
- if (idp->onlyuser > 0)
+ }
+ if (idp->onlyuser > 0) {
BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
- if (idp->onlyCA > 0)
+ }
+ if (idp->onlyCA > 0) {
BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
- if (idp->indirectCRL > 0)
+ }
+ if (idp->indirectCRL > 0) {
BIO_printf(out, "%*sIndirect CRL\n", indent, "");
- if (idp->onlysomereasons)
+ }
+ if (idp->onlysomereasons) {
print_reasons(out, "Only Some Reasons", idp->onlysomereasons, indent);
- if (idp->onlyattr > 0)
+ }
+ if (idp->onlyattr > 0) {
BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
+ }
if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) &&
- (idp->indirectCRL <= 0) && !idp->onlysomereasons && (idp->onlyattr <= 0))
+ (idp->indirectCRL <= 0) && !idp->onlysomereasons &&
+ (idp->onlyattr <= 0)) {
BIO_printf(out, "%*s<EMPTY>\n", indent, "");
+ }
return 1;
}
@@ -528,10 +575,12 @@
for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
BIO_puts(out, "\n");
point = sk_DIST_POINT_value(crld, i);
- if (point->distpoint)
+ if (point->distpoint) {
print_distpoint(out, point->distpoint, indent);
- if (point->reasons)
+ }
+ if (point->reasons) {
print_reasons(out, "Reasons", point->reasons, indent);
+ }
if (point->CRLissuer) {
BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
print_gens(out, point->CRLissuer, indent);
@@ -544,12 +593,14 @@
size_t i;
STACK_OF(X509_NAME_ENTRY) *frag;
X509_NAME_ENTRY *ne;
- if (!dpn || (dpn->type != 1))
+ if (!dpn || (dpn->type != 1)) {
return 1;
+ }
frag = dpn->name.relativename;
dpn->dpname = X509_NAME_dup(iname);
- if (!dpn->dpname)
+ if (!dpn->dpname) {
return 0;
+ }
for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
ne = sk_X509_NAME_ENTRY_value(frag, i);
if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
index de89855..cd93f30 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -87,8 +87,9 @@
const ASN1_ENUMERATED *e = ext;
long strval = ASN1_ENUMERATED_get(e);
for (const ENUMERATED_NAMES *enam = method->usr_data; enam->lname; enam++) {
- if (strval == enam->bitnum)
+ if (strval == enam->bitnum) {
return OPENSSL_strdup(enam->lname);
+ }
}
return i2s_ASN1_ENUMERATED(method, e);
}
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
index 59a8a16..9d43b0f 100644
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@@ -140,10 +140,11 @@
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
- if (val->value)
+ if (val->value) {
extval = val->value;
- else
+ } else {
extval = val->name;
+ }
if (!(objtmp = OBJ_txt2obj(extval, 0))) {
sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER);
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index 4050bc3..4b37fc9 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -124,8 +124,9 @@
/* Returns 0 if they are equal, != 0 otherwise. */
int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b) {
- if (!a || !b || a->type != b->type)
+ if (!a || !b || a->type != b->type) {
return -1;
+ }
switch (a->type) {
case GEN_X400:
@@ -159,11 +160,13 @@
int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b) {
int result = -1;
- if (!a || !b)
+ if (!a || !b) {
return -1;
+ }
/* Check their type first. */
- if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
+ if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0) {
return result;
+ }
/* Check the value. */
result = ASN1_TYPE_cmp(a->value, b->value);
return result;
@@ -205,8 +208,9 @@
}
void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype) {
- if (ptype)
+ if (ptype) {
*ptype = a->type;
+ }
switch (a->type) {
case GEN_X400:
return a->d.x400Address;
@@ -240,8 +244,9 @@
ASN1_TYPE *value) {
OTHERNAME *oth;
oth = OTHERNAME_new();
- if (!oth)
+ if (!oth) {
return 0;
+ }
ASN1_TYPE_free(oth->value);
oth->type_id = oid;
oth->value = value;
@@ -251,11 +256,14 @@
int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen, ASN1_OBJECT **poid,
ASN1_TYPE **pvalue) {
- if (gen->type != GEN_OTHERNAME)
+ if (gen->type != GEN_OTHERNAME) {
return 0;
- if (poid)
+ }
+ if (poid) {
*poid = gen->d.otherName->type_id;
- if (pvalue)
+ }
+ if (pvalue) {
*pvalue = gen->d.otherName->value;
+ }
return 1;
}
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
index 0d3d821..8abf40c 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -73,8 +73,9 @@
static char *i2s_ASN1_IA5STRING(const X509V3_EXT_METHOD *method, void *ext) {
const ASN1_IA5STRING *ia5 = ext;
char *tmp;
- if (!ia5 || !ia5->length)
+ if (!ia5 || !ia5->length) {
return NULL;
+ }
if (!(tmp = OPENSSL_malloc(ia5->length + 1))) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -91,8 +92,9 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
return NULL;
}
- if (!(ia5 = ASN1_IA5STRING_new()))
+ if (!(ia5 = ASN1_IA5STRING_new())) {
goto err;
+ }
if (!ASN1_STRING_set(ia5, str, strlen(str))) {
ASN1_IA5STRING_free(ia5);
goto err;
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
index f9526a5..872346a 100644
--- a/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
@@ -135,29 +135,33 @@
desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
tmp = i2v_GENERAL_NAME(method, desc->location, tret);
- if (tmp == NULL)
+ if (tmp == NULL) {
goto err;
+ }
tret = tmp;
vtmp = sk_CONF_VALUE_value(tret, i);
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
ntmp = OPENSSL_malloc(nlen);
- if (ntmp == NULL)
+ if (ntmp == NULL) {
goto err;
+ }
OPENSSL_strlcpy(ntmp, objtmp, nlen);
OPENSSL_strlcat(ntmp, " - ", nlen);
OPENSSL_strlcat(ntmp, vtmp->name, nlen);
OPENSSL_free(vtmp->name);
vtmp->name = ntmp;
}
- if (ret == NULL && tret == NULL)
+ if (ret == NULL && tret == NULL) {
return sk_CONF_VALUE_new_null();
+ }
return tret;
err:
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
- if (ret == NULL && tret != NULL)
+ if (ret == NULL && tret != NULL) {
sk_CONF_VALUE_pop_free(tret, X509V3_conf_free);
+ }
return NULL;
}
@@ -187,8 +191,9 @@
CONF_VALUE ctmp;
ctmp.name = ptmp + 1;
ctmp.value = cnf->value;
- if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+ if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) {
goto err;
+ }
if (!(objtmp = OPENSSL_malloc(objlen + 1))) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
goto err;
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 9dacd2c..9434d37 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -103,26 +103,31 @@
const X509V3_EXT_METHOD *t = &tmp, *const * ret;
size_t idx;
- if (nid < 0)
+ if (nid < 0) {
return NULL;
+ }
tmp.ext_nid = nid;
ret = bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT,
sizeof(X509V3_EXT_METHOD *), ext_cmp);
- if (ret)
+ if (ret) {
return *ret;
- if (!ext_list)
+ }
+ if (!ext_list) {
return NULL;
+ }
sk_X509V3_EXT_METHOD_sort(ext_list);
- if (!sk_X509V3_EXT_METHOD_find(ext_list, &idx, &tmp))
+ if (!sk_X509V3_EXT_METHOD_find(ext_list, &idx, &tmp)) {
return NULL;
+ }
return sk_X509V3_EXT_METHOD_value(ext_list, idx);
}
const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext) {
int nid;
- if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
+ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) {
return NULL;
+ }
return X509V3_EXT_get_nid(nid);
}
@@ -133,11 +138,11 @@
return 0;
}
- if (ext_method->it != NULL)
+ if (ext_method->it != NULL) {
ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));
- else if (ext_method->ext_free != NULL)
+ } else if (ext_method->ext_free != NULL) {
ext_method->ext_free(ext_data);
- else {
+ } else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_CANNOT_FIND_FREE_FUNCTION);
return 0;
}
@@ -146,9 +151,11 @@
}
int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) {
- for (; extlist->ext_nid != -1; extlist++)
- if (!X509V3_EXT_add(extlist))
+ for (; extlist->ext_nid != -1; extlist++) {
+ if (!X509V3_EXT_add(extlist)) {
return 0;
+ }
+ }
return 1;
}
@@ -177,8 +184,9 @@
}
static void ext_list_free(X509V3_EXT_METHOD *ext) {
- if (ext->ext_flags & X509V3_EXT_DYNAMIC)
+ if (ext->ext_flags & X509V3_EXT_DYNAMIC) {
OPENSSL_free(ext);
+ }
}
/*
@@ -194,8 +202,9 @@
const X509V3_EXT_METHOD *method;
const unsigned char *p;
- if (!(method = X509V3_EXT_get(ext)))
+ if (!(method = X509V3_EXT_get(ext))) {
return NULL;
+ }
p = ext->value->data;
void *ret;
if (method->it) {
@@ -226,18 +235,22 @@
size_t i;
X509_EXTENSION *ex, *found_ex = NULL;
if (!extensions) {
- if (out_idx)
+ if (out_idx) {
*out_idx = -1;
- if (out_critical)
+ }
+ if (out_critical) {
*out_critical = -1;
+ }
return NULL;
}
- if (out_idx)
+ if (out_idx) {
lastpos = *out_idx + 1;
- else
+ } else {
lastpos = 0;
- if (lastpos < 0)
+ }
+ if (lastpos < 0) {
lastpos = 0;
+ }
for (i = lastpos; i < sk_X509_EXTENSION_num(extensions); i++) {
ex = sk_X509_EXTENSION_value(extensions, i);
if (OBJ_obj2nid(ex->object) == nid) {
@@ -249,8 +262,9 @@
break;
} else if (found_ex) {
/* Found more than one */
- if (out_critical)
+ if (out_critical) {
*out_critical = -2;
+ }
return NULL;
}
found_ex = ex;
@@ -258,16 +272,19 @@
}
if (found_ex) {
/* Found it */
- if (out_critical)
+ if (out_critical) {
*out_critical = X509_EXTENSION_get_critical(found_ex);
+ }
return X509V3_EXT_d2i(found_ex);
}
/* Extension not found */
- if (out_idx)
+ if (out_idx) {
*out_idx = -1;
- if (out_critical)
+ }
+ if (out_critical) {
*out_critical = -1;
+ }
return NULL;
}
@@ -288,14 +305,16 @@
* If appending we don't care if it exists, otherwise look for existing
* extension.
*/
- if (ext_op != X509V3_ADD_APPEND)
+ if (ext_op != X509V3_ADD_APPEND) {
extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+ }
/* See if extension exists */
if (extidx >= 0) {
/* If keep existing, nothing to do */
- if (ext_op == X509V3_ADD_KEEP_EXISTING)
+ if (ext_op == X509V3_ADD_KEEP_EXISTING) {
return 1;
+ }
/* If default then its an error */
if (ext_op == X509V3_ADD_DEFAULT) {
errcode = X509V3_R_EXTENSION_EXISTS;
@@ -303,8 +322,9 @@
}
/* If delete, just delete it */
if (ext_op == X509V3_ADD_DELETE) {
- if (!sk_X509_EXTENSION_delete(*x, extidx))
+ if (!sk_X509_EXTENSION_delete(*x, extidx)) {
return -1;
+ }
return 1;
}
} else {
@@ -334,27 +354,32 @@
if (extidx >= 0) {
extmp = sk_X509_EXTENSION_value(*x, extidx);
X509_EXTENSION_free(extmp);
- if (!sk_X509_EXTENSION_set(*x, extidx, ext))
+ if (!sk_X509_EXTENSION_set(*x, extidx, ext)) {
return -1;
+ }
return 1;
}
- if ((ret = *x) == NULL && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+ if ((ret = *x) == NULL && (ret = sk_X509_EXTENSION_new_null()) == NULL) {
goto m_fail;
- if (!sk_X509_EXTENSION_push(ret, ext))
+ }
+ if (!sk_X509_EXTENSION_push(ret, ext)) {
goto m_fail;
+ }
*x = ret;
return 1;
m_fail:
- if (ret != *x)
+ if (ret != *x) {
sk_X509_EXTENSION_free(ret);
+ }
X509_EXTENSION_free(ext);
return -1;
err:
- if (!(flags & X509V3_ADD_SILENT))
+ if (!(flags & X509V3_ADD_SILENT)) {
OPENSSL_PUT_ERROR(X509V3, errcode);
+ }
return 0;
}
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 069166a..ce1c82e 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -127,8 +127,9 @@
NAME_CONSTRAINTS *ncons = NULL;
GENERAL_SUBTREE *sub = NULL;
ncons = NAME_CONSTRAINTS_new();
- if (!ncons)
+ if (!ncons) {
goto memerr;
+ }
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
@@ -143,12 +144,15 @@
}
tval.value = val->value;
sub = GENERAL_SUBTREE_new();
- if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
+ if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) {
goto err;
- if (!*ptree)
+ }
+ if (!*ptree) {
*ptree = sk_GENERAL_SUBTREE_new_null();
- if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+ }
+ if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) {
goto memerr;
+ }
sub = NULL;
}
@@ -157,10 +161,12 @@
memerr:
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
err:
- if (ncons)
+ if (ncons) {
NAME_CONSTRAINTS_free(ncons);
- if (sub)
+ }
+ if (sub) {
GENERAL_SUBTREE_free(sub);
+ }
return NULL;
}
@@ -179,15 +185,17 @@
int ind, const char *name) {
GENERAL_SUBTREE *tree;
size_t i;
- if (sk_GENERAL_SUBTREE_num(trees) > 0)
+ if (sk_GENERAL_SUBTREE_num(trees) > 0) {
BIO_printf(bp, "%*s%s:\n", ind, "", name);
+ }
for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
tree = sk_GENERAL_SUBTREE_value(trees, i);
BIO_printf(bp, "%*s", ind + 2, "");
- if (tree->base->type == GEN_IPADD)
+ if (tree->base->type == GEN_IPADD) {
print_nc_ipadd(bp, tree->base->d.ip);
- else
+ } else {
GENERAL_NAME_print(bp, tree->base);
+ }
BIO_puts(bp, "\n");
}
return 1;
@@ -207,13 +215,15 @@
uint16_t v = ((uint16_t)p[0] << 8) | p[1];
BIO_printf(bp, "%X", v);
p += 2;
- if (i == 7)
+ if (i == 7) {
BIO_puts(bp, "/");
- else if (i != 15)
+ } else if (i != 15) {
BIO_puts(bp, ":");
+ }
}
- } else
+ } else {
BIO_printf(bp, "IP Address:<invalid>");
+ }
return 1;
}
@@ -260,8 +270,9 @@
r = nc_match(&gntmp, nc);
- if (r != X509_V_OK)
+ if (r != X509_V_OK) {
return r;
+ }
gntmp.type = GEN_EMAIL;
@@ -270,25 +281,29 @@
for (i = -1;;) {
X509_NAME_ENTRY *ne;
i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
- if (i == -1)
+ if (i == -1) {
break;
+ }
ne = X509_NAME_get_entry(nm, i);
gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
- if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
+ if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING) {
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ }
r = nc_match(&gntmp, nc);
- if (r != X509_V_OK)
+ if (r != X509_V_OK) {
return r;
+ }
}
}
for (j = 0; j < sk_GENERAL_NAME_num(x->altname); j++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, j);
r = nc_match(gen, nc);
- if (r != X509_V_OK)
+ if (r != X509_V_OK) {
return r;
+ }
}
return X509_V_OK;
@@ -306,39 +321,48 @@
for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
- if (gen->type != sub->base->type)
+ if (gen->type != sub->base->type) {
continue;
- if (sub->minimum || sub->maximum)
+ }
+ if (sub->minimum || sub->maximum) {
return X509_V_ERR_SUBTREE_MINMAX;
+ }
/* If we already have a match don't bother trying any more */
- if (match == 2)
+ if (match == 2) {
continue;
- if (match == 0)
+ }
+ if (match == 0) {
match = 1;
+ }
r = nc_match_single(gen, sub->base);
- if (r == X509_V_OK)
+ if (r == X509_V_OK) {
match = 2;
- else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+ } else if (r != X509_V_ERR_PERMITTED_VIOLATION) {
return r;
+ }
}
- if (match == 1)
+ if (match == 1) {
return X509_V_ERR_PERMITTED_VIOLATION;
+ }
/* Excluded subtrees: must not match any of these */
for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
- if (gen->type != sub->base->type)
+ if (gen->type != sub->base->type) {
continue;
- if (sub->minimum || sub->maximum)
+ }
+ if (sub->minimum || sub->maximum) {
return X509_V_ERR_SUBTREE_MINMAX;
+ }
r = nc_match_single(gen, sub->base);
- if (r == X509_V_OK)
+ if (r == X509_V_OK) {
return X509_V_ERR_EXCLUDED_VIOLATION;
- else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+ } else if (r != X509_V_ERR_PERMITTED_VIOLATION) {
return r;
+ }
}
return X509_V_OK;
@@ -372,14 +396,18 @@
static int nc_dn(X509_NAME *nm, X509_NAME *base) {
/* Ensure canonical encodings are up to date. */
- if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+ if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) {
return X509_V_ERR_OUT_OF_MEM;
- if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+ }
+ if (base->modified && i2d_X509_NAME(base, NULL) < 0) {
return X509_V_ERR_OUT_OF_MEM;
- if (base->canon_enclen > nm->canon_enclen)
+ }
+ if (base->canon_enclen > nm->canon_enclen) {
return X509_V_ERR_PERMITTED_VIOLATION;
- if (OPENSSL_memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+ }
+ if (OPENSSL_memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) {
return X509_V_ERR_PERMITTED_VIOLATION;
+ }
return X509_V_OK;
}
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
index 7a9dc77..9d648f6 100644
--- a/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
@@ -61,10 +61,12 @@
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
BIO *bp, int ind) {
- if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ if (BIO_printf(bp, "%*s", ind, "") <= 0) {
return 0;
- if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+ }
+ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) {
return 0;
+ }
return 1;
}
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 6d4b502..95fda03 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -73,18 +73,20 @@
int indent) {
const PROXY_CERT_INFO_EXTENSION *pci = ext;
BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
- if (pci->pcPathLengthConstraint)
+ if (pci->pcPathLengthConstraint) {
i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
- else
+ } else {
BIO_printf(out, "infinite");
+ }
BIO_puts(out, "\n");
BIO_printf(out, "%*sPolicy Language: ", indent, "");
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
BIO_puts(out, "\n");
- if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+ if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) {
BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
pci->proxyPolicy->policy->length,
pci->proxyPolicy->policy->data);
+ }
return 1;
}
@@ -230,8 +232,9 @@
&pathlen, &policy);
}
X509V3_section_free(ctx, sect);
- if (!success_p)
+ if (!success_p) {
goto err;
+ }
} else {
if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
X509V3_conf_err(cnf);
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
index 3514dde..7ed778b 100644
--- a/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
@@ -118,11 +118,13 @@
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
val = sk_CONF_VALUE_value(values, i);
if (!strcmp(val->name, "requireExplicitPolicy")) {
- if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
+ if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) {
goto err;
+ }
} else if (!strcmp(val->name, "inhibitPolicyMapping")) {
- if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
+ if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) {
goto err;
+ }
} else {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME);
X509V3_conf_err(val);
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index c2442ef..ba56c87 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -75,27 +75,32 @@
int ml) {
size_t i;
CONF_VALUE *nval;
- if (!val)
+ if (!val) {
return;
+ }
if (!ml || !sk_CONF_VALUE_num(val)) {
BIO_printf(out, "%*s", indent, "");
- if (!sk_CONF_VALUE_num(val))
+ if (!sk_CONF_VALUE_num(val)) {
BIO_puts(out, "<EMPTY>\n");
+ }
}
for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
- if (ml)
+ if (ml) {
BIO_printf(out, "%*s", indent, "");
- else if (i > 0)
+ } else if (i > 0) {
BIO_printf(out, ", ");
+ }
nval = sk_CONF_VALUE_value(val, i);
- if (!nval->name)
+ if (!nval->name) {
BIO_puts(out, nval->value);
- else if (!nval->value)
+ } else if (!nval->value) {
BIO_puts(out, nval->name);
- else
+ } else {
BIO_printf(out, "%s:%s", nval->name, nval->value);
- if (ml)
+ }
+ if (ml) {
BIO_puts(out, "\n");
+ }
}
}
@@ -109,8 +114,9 @@
STACK_OF(CONF_VALUE) *nval = NULL;
int ok = 1;
- if (!(method = X509V3_EXT_get(ext)))
+ if (!(method = X509V3_EXT_get(ext))) {
return unknown_ext_print(out, ext, flag, indent, 0);
+ }
const ASN1_STRING *ext_data = X509_EXTENSION_get_data(ext);
const unsigned char *p = ASN1_STRING_get0_data(ext_data);
if (method->it) {
@@ -120,8 +126,9 @@
ext_str = method->d2i(NULL, &p, ASN1_STRING_length(ext_data));
}
- if (!ext_str)
+ if (!ext_str) {
return unknown_ext_print(out, ext, flag, indent, 1);
+ }
if (method->i2s) {
if (!(value = method->i2s(method, ext_str))) {
@@ -137,19 +144,23 @@
X509V3_EXT_val_prn(out, nval, indent,
method->ext_flags & X509V3_EXT_MULTILINE);
} else if (method->i2r) {
- if (!method->i2r(method, ext_str, out, indent))
+ if (!method->i2r(method, ext_str, out, indent)) {
ok = 0;
- } else
+ }
+ } else {
ok = 0;
+ }
err:
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
- if (value)
+ if (value) {
OPENSSL_free(value);
- if (method->it)
+ }
+ if (method->it) {
ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
- else
+ } else {
method->ext_free(ext_str);
+ }
return ok;
}
@@ -159,8 +170,9 @@
size_t i;
int j;
- if (sk_X509_EXTENSION_num(exts) <= 0)
+ if (sk_X509_EXTENSION_num(exts) <= 0) {
return 1;
+ }
if (title) {
BIO_printf(bp, "%*s%s:\n", indent, "", title);
@@ -171,19 +183,22 @@
ASN1_OBJECT *obj;
X509_EXTENSION *ex;
ex = sk_X509_EXTENSION_value(exts, i);
- if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+ if (indent && BIO_printf(bp, "%*s", indent, "") <= 0) {
return 0;
+ }
obj = X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(bp, obj);
j = X509_EXTENSION_get_critical(ex);
- if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) {
return 0;
+ }
if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
BIO_printf(bp, "%*s", indent + 4, "");
ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
}
- if (BIO_write(bp, "\n", 1) <= 0)
+ if (BIO_write(bp, "\n", 1) <= 0) {
return 0;
+ }
}
return 1;
}
@@ -195,10 +210,11 @@
return 0;
case X509V3_EXT_ERROR_UNKNOWN:
- if (supported)
+ if (supported) {
BIO_printf(out, "%*s<Parse Error>", indent, "");
- else
+ } else {
BIO_printf(out, "%*s<Not Supported>", indent, "");
+ }
return 1;
case X509V3_EXT_PARSE_UNKNOWN:
@@ -216,8 +232,9 @@
int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) {
BIO *bio_tmp;
int ret;
- if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+ if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
return 0;
+ }
ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
BIO_free(bio_tmp);
return ret;
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index d53d8eb..0b51a07 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -143,11 +143,13 @@
return -1;
}
- if (id == -1)
+ if (id == -1) {
return 1;
+ }
idx = X509_PURPOSE_get_by_id(id);
- if (idx == -1)
+ if (idx == -1) {
return -1;
+ }
pt = X509_PURPOSE_get0(idx);
return pt->check_purpose(pt, x, ca);
}
@@ -162,16 +164,19 @@
}
int X509_PURPOSE_get_count(void) {
- if (!xptable)
+ if (!xptable) {
return X509_PURPOSE_COUNT;
+ }
return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
}
X509_PURPOSE *X509_PURPOSE_get0(int idx) {
- if (idx < 0)
+ if (idx < 0) {
return NULL;
- if (idx < (int)X509_PURPOSE_COUNT)
+ }
+ if (idx < (int)X509_PURPOSE_COUNT) {
return xstandard + idx;
+ }
return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
}
@@ -180,8 +185,9 @@
X509_PURPOSE *xptmp;
for (i = 0; i < X509_PURPOSE_get_count(); i++) {
xptmp = X509_PURPOSE_get0(i);
- if (!strcmp(xptmp->sname, sname))
+ if (!strcmp(xptmp->sname, sname)) {
return i;
+ }
}
return -1;
}
@@ -190,15 +196,18 @@
X509_PURPOSE tmp;
size_t idx;
- if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+ if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) {
return purpose - X509_PURPOSE_MIN;
+ }
tmp.purpose = purpose;
- if (!xptable)
+ if (!xptable) {
return -1;
+ }
sk_X509_PURPOSE_sort(xptable);
- if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp))
+ if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp)) {
return -1;
+ }
return idx + X509_PURPOSE_COUNT;
}
@@ -224,20 +233,24 @@
return 0;
}
ptmp->flags = X509_PURPOSE_DYNAMIC;
- } else
+ } else {
ptmp = X509_PURPOSE_get0(idx);
+ }
/* Duplicate the supplied names. */
name_dup = OPENSSL_strdup(name);
sname_dup = OPENSSL_strdup(sname);
if (name_dup == NULL || sname_dup == NULL) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
- if (name_dup != NULL)
+ if (name_dup != NULL) {
OPENSSL_free(name_dup);
- if (sname_dup != NULL)
+ }
+ if (sname_dup != NULL) {
OPENSSL_free(sname_dup);
- if (idx == -1)
+ }
+ if (idx == -1) {
OPENSSL_free(ptmp);
+ }
return 0;
}
@@ -276,8 +289,9 @@
}
static void xptable_free(X509_PURPOSE *p) {
- if (!p)
+ if (!p) {
return;
+ }
if (p->flags & X509_PURPOSE_DYNAMIC) {
if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
OPENSSL_free(p->name);
@@ -290,8 +304,9 @@
void X509_PURPOSE_cleanup(void) {
unsigned int i;
sk_X509_PURPOSE_pop_free(xptable, xptable_free);
- for (i = 0; i < X509_PURPOSE_COUNT; i++)
+ for (i = 0; i < X509_PURPOSE_COUNT; i++) {
xptable_free(xstandard + i);
+ }
xptable = NULL;
}
@@ -334,12 +349,14 @@
int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
- if (ex_nid == NID_undef)
+ if (ex_nid == NID_undef) {
return 0;
+ }
if (bsearch(&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
- sizeof(int), nid_cmp) != NULL)
+ sizeof(int), nid_cmp) != NULL) {
return 1;
+ }
return 0;
}
@@ -347,15 +364,19 @@
X509_NAME *iname = NULL;
size_t i;
if (dp->reasons) {
- if (dp->reasons->length > 0)
+ if (dp->reasons->length > 0) {
dp->dp_reasons = dp->reasons->data[0];
- if (dp->reasons->length > 1)
+ }
+ if (dp->reasons->length > 1) {
dp->dp_reasons |= (dp->reasons->data[1] << 8);
+ }
dp->dp_reasons &= CRLDP_ALL_REASONS;
- } else
+ } else {
dp->dp_reasons = CRLDP_ALL_REASONS;
- if (!dp->distpoint || (dp->distpoint->type != 1))
+ }
+ if (!dp->distpoint || (dp->distpoint->type != 1)) {
return 1;
+ }
for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
if (gen->type == GEN_DIRNAME) {
@@ -363,8 +384,9 @@
break;
}
}
- if (!iname)
+ if (!iname) {
iname = X509_get_issuer_name(x);
+ }
return DIST_POINT_set_dpname(dp->distpoint, iname);
}
@@ -407,15 +429,18 @@
return (x->ex_flags & EXFLAG_INVALID) == 0;
}
- if (!X509_digest(x, EVP_sha256(), x->cert_hash, NULL))
+ if (!X509_digest(x, EVP_sha256(), x->cert_hash, NULL)) {
x->ex_flags |= EXFLAG_INVALID;
+ }
/* V1 should mean no extensions ... */
- if (X509_get_version(x) == X509_VERSION_1)
+ if (X509_get_version(x) == X509_VERSION_1) {
x->ex_flags |= EXFLAG_V1;
+ }
/* Handle basic constraints */
if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {
- if (bs->ca)
+ if (bs->ca) {
x->ex_flags |= EXFLAG_CA;
+ }
if (bs->pathlen) {
if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) || !bs->ca) {
x->ex_flags |= EXFLAG_INVALID;
@@ -428,8 +453,9 @@
* 255 as an error. */
x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
}
- } else
+ } else {
x->ex_pathlen = -1;
+ }
BASIC_CONSTRAINTS_free(bs);
x->ex_flags |= EXFLAG_BCONS;
} else if (j != -1) {
@@ -444,8 +470,9 @@
}
if (pci->pcPathLengthConstraint) {
x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
- } else
+ } else {
x->ex_pcpathlen = -1;
+ }
PROXY_CERT_INFO_EXTENSION_free(pci);
x->ex_flags |= EXFLAG_PROXY;
} else if (j != -1) {
@@ -455,10 +482,12 @@
if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) {
if (usage->length > 0) {
x->ex_kusage = usage->data[0];
- if (usage->length > 1)
+ if (usage->length > 1) {
x->ex_kusage |= usage->data[1] << 8;
- } else
+ }
+ } else {
x->ex_kusage = 0;
+ }
x->ex_flags |= EXFLAG_KUSAGE;
ASN1_BIT_STRING_free(usage);
} else if (j != -1) {
@@ -513,10 +542,11 @@
}
if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
- if (ns->length > 0)
+ if (ns->length > 0) {
x->ex_nscert = ns->data[0];
- else
+ } else {
x->ex_nscert = 0;
+ }
x->ex_flags |= EXFLAG_NSCERT;
ASN1_BIT_STRING_free(ns);
} else if (j != -1) {
@@ -535,8 +565,9 @@
x->ex_flags |= EXFLAG_SI;
/* If SKID matches AKID also indicate self signed */
if (X509_check_akid(x, x->akid) == X509_V_OK &&
- !ku_reject(x, KU_KEY_CERT_SIGN))
+ !ku_reject(x, KU_KEY_CERT_SIGN)) {
x->ex_flags |= EXFLAG_SS;
+ }
}
x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL);
if (x->altname == NULL && j != -1) {
@@ -552,10 +583,12 @@
for (j = 0; j < X509_get_ext_count(x); j++) {
ex = X509_get_ext(x, j);
- if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl)
+ if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl) {
x->ex_flags |= EXFLAG_FRESHEST;
- if (!X509_EXTENSION_get_critical(ex))
+ }
+ if (!X509_EXTENSION_get_critical(ex)) {
continue;
+ }
if (!X509_supported_extension(ex)) {
x->ex_flags |= EXFLAG_CRITICAL;
break;
@@ -571,8 +604,9 @@
* otherwise. */
static int check_ca(const X509 *x) {
/* keyUsage if present should allow cert signing */
- if (ku_reject(x, KU_KEY_CERT_SIGN))
+ if (ku_reject(x, KU_KEY_CERT_SIGN)) {
return 0;
+ }
/* Version 1 certificates are considered CAs and don't have extensions. */
if ((x->ex_flags & V1_ROOT) == V1_ROOT) {
return 1;
@@ -590,16 +624,20 @@
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
int ca) {
- if (xku_reject(x, XKU_SSL_CLIENT))
+ if (xku_reject(x, XKU_SSL_CLIENT)) {
return 0;
- if (ca)
+ }
+ if (ca) {
return check_ca(x);
+ }
/* We need to do digital signatures or key agreement */
- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) {
return 0;
+ }
/* nsCertType if present should allow SSL client use */
- if (ns_reject(x, NS_SSL_CLIENT))
+ if (ns_reject(x, NS_SSL_CLIENT)) {
return 0;
+ }
return 1;
}
@@ -612,15 +650,19 @@
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
int ca) {
- if (xku_reject(x, XKU_SSL_SERVER))
+ if (xku_reject(x, XKU_SSL_SERVER)) {
return 0;
- if (ca)
+ }
+ if (ca) {
return check_ca(x);
+ }
- if (ns_reject(x, NS_SSL_SERVER))
+ if (ns_reject(x, NS_SSL_SERVER)) {
return 0;
- if (ku_reject(x, KU_TLS))
+ }
+ if (ku_reject(x, KU_TLS)) {
return 0;
+ }
return 1;
}
@@ -629,19 +671,22 @@
int ca) {
int ret;
ret = check_purpose_ssl_server(xp, x, ca);
- if (!ret || ca)
+ if (!ret || ca) {
return ret;
+ }
/* We need to encipher or Netscape complains */
- if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
return 0;
+ }
return ret;
}
/* purpose_smime returns one if |x| is a valid S/MIME leaf (|ca| is zero) or CA
* (|ca| is one) certificate, and zero otherwise. */
static int purpose_smime(const X509 *x, int ca) {
- if (xku_reject(x, XKU_SMIME))
+ if (xku_reject(x, XKU_SMIME)) {
return 0;
+ }
if (ca) {
/* check nsCertType if present */
if ((x->ex_flags & EXFLAG_NSCERT) && (x->ex_nscert & NS_SMIME_CA) == 0) {
@@ -660,10 +705,12 @@
int ca) {
int ret;
ret = purpose_smime(x, ca);
- if (!ret || ca)
+ if (!ret || ca) {
return ret;
- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+ }
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) {
return 0;
+ }
return ret;
}
@@ -671,10 +718,12 @@
int ca) {
int ret;
ret = purpose_smime(x, ca);
- if (!ret || ca)
+ if (!ret || ca) {
return ret;
- if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+ }
+ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
return 0;
+ }
return ret;
}
@@ -683,8 +732,9 @@
if (ca) {
return check_ca(x);
}
- if (ku_reject(x, KU_CRL_SIGN))
+ if (ku_reject(x, KU_CRL_SIGN)) {
return 0;
+ }
return 1;
}
@@ -694,8 +744,9 @@
*/
static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) {
- if (ca)
+ if (ca) {
return check_ca(x);
+ }
/* leaf certificate is checked in OCSP_verify() */
return 1;
}
@@ -705,8 +756,9 @@
int i_ext;
/* If ca is true we must return if this is a valid CA certificate. */
- if (ca)
+ if (ca) {
return check_ca(x);
+ }
/*
* Check the optional key usage field:
@@ -716,19 +768,22 @@
*/
if ((x->ex_flags & EXFLAG_KUSAGE) &&
((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
- !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+ !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) {
return 0;
+ }
/* Only time stamp key usage is permitted and it's required. */
- if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+ if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) {
return 0;
+ }
/* Extended Key Usage MUST be critical */
i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
if (i_ext >= 0) {
X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
- if (!X509_EXTENSION_get_critical(ext))
+ if (!X509_EXTENSION_get_critical(ext)) {
return 0;
+ }
}
return 1;
@@ -748,38 +803,45 @@
int X509_check_issued(X509 *issuer, X509 *subject) {
if (X509_NAME_cmp(X509_get_subject_name(issuer),
- X509_get_issuer_name(subject)))
+ X509_get_issuer_name(subject))) {
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+ }
if (!x509v3_cache_extensions(issuer) || !x509v3_cache_extensions(subject)) {
return X509_V_ERR_UNSPECIFIED;
}
if (subject->akid) {
int ret = X509_check_akid(issuer, subject->akid);
- if (ret != X509_V_OK)
+ if (ret != X509_V_OK) {
return ret;
+ }
}
if (subject->ex_flags & EXFLAG_PROXY) {
- if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+ if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) {
return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
- } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+ }
+ } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) {
return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+ }
return X509_V_OK;
}
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) {
- if (!akid)
+ if (!akid) {
return X509_V_OK;
+ }
/* Check key ids (if present) */
if (akid->keyid && issuer->skid &&
- ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
+ ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid)) {
return X509_V_ERR_AKID_SKID_MISMATCH;
+ }
/* Check serial number */
if (akid->serial &&
- ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+ ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) {
return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+ }
/* Check issuer name */
if (akid->issuer) {
/*
@@ -799,8 +861,9 @@
break;
}
}
- if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+ if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) {
return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+ }
}
return X509_V_OK;
}
@@ -816,8 +879,9 @@
if (!x509v3_cache_extensions(x)) {
return 0;
}
- if (x->ex_flags & EXFLAG_KUSAGE)
+ if (x->ex_flags & EXFLAG_KUSAGE) {
return x->ex_kusage;
+ }
return UINT32_MAX;
}
@@ -825,8 +889,9 @@
if (!x509v3_cache_extensions(x)) {
return 0;
}
- if (x->ex_flags & EXFLAG_XKUSAGE)
+ if (x->ex_flags & EXFLAG_XKUSAGE) {
return x->ex_xkusage;
+ }
return UINT32_MAX;
}
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index edbc61a..05c5050 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -104,34 +104,38 @@
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
unsigned int diglen;
- if (strcmp(str, "hash"))
+ if (strcmp(str, "hash")) {
return s2i_ASN1_OCTET_STRING(method, ctx, str);
+ }
if (!(oct = ASN1_OCTET_STRING_new())) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
return NULL;
}
- if (ctx && (ctx->flags == CTX_TEST))
+ if (ctx && (ctx->flags == CTX_TEST)) {
return oct;
+ }
if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PUBLIC_KEY);
goto err;
}
- if (ctx->subject_req)
+ if (ctx->subject_req) {
pk = ctx->subject_req->req_info->pubkey->public_key;
- else
+ } else {
pk = ctx->subject_cert->cert_info->key->public_key;
+ }
if (!pk) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PUBLIC_KEY);
goto err;
}
- if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+ if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) {
goto err;
+ }
if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index a60dda9..bd443c3 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -95,8 +95,9 @@
CONF_VALUE *vtmp = NULL;
char *tname = NULL, *tvalue = NULL;
int extlist_was_null = *extlist == NULL;
- if (name && !(tname = OPENSSL_strdup(name)))
+ if (name && !(tname = OPENSSL_strdup(name))) {
goto malloc_err;
+ }
if (!omit_value) {
/* |CONF_VALUE| cannot represent strings with NULs. */
if (OPENSSL_memchr(value, 0, value_len)) {
@@ -108,15 +109,18 @@
goto malloc_err;
}
}
- if (!(vtmp = CONF_VALUE_new()))
+ if (!(vtmp = CONF_VALUE_new())) {
goto malloc_err;
- if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
+ }
+ if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) {
goto malloc_err;
+ }
vtmp->section = NULL;
vtmp->name = tname;
vtmp->value = tvalue;
- if (!sk_CONF_VALUE_push(*extlist, vtmp))
+ if (!sk_CONF_VALUE_push(*extlist, vtmp)) {
goto malloc_err;
+ }
return 1;
malloc_err:
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
@@ -151,28 +155,34 @@
/* Free function for STACK_OF(CONF_VALUE) */
void X509V3_conf_free(CONF_VALUE *conf) {
- if (!conf)
+ if (!conf) {
return;
- if (conf->name)
+ }
+ if (conf->name) {
OPENSSL_free(conf->name);
- if (conf->value)
+ }
+ if (conf->value) {
OPENSSL_free(conf->value);
- if (conf->section)
+ }
+ if (conf->section) {
OPENSSL_free(conf->section);
+ }
OPENSSL_free(conf);
}
int X509V3_add_value_bool(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist) {
- if (asn1_bool)
+ if (asn1_bool) {
return X509V3_add_value(name, "TRUE", extlist);
+ }
return X509V3_add_value(name, "FALSE", extlist);
}
int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist) {
- if (asn1_bool)
+ if (asn1_bool) {
return X509V3_add_value(name, "TRUE", extlist);
+ }
return 1;
}
@@ -218,11 +228,13 @@
const ASN1_ENUMERATED *a) {
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
- if (!a)
+ if (!a) {
return NULL;
+ }
if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
- !(strtmp = bignum_to_string(bntmp)))
+ !(strtmp = bignum_to_string(bntmp))) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
+ }
BN_free(bntmp);
return strtmp;
}
@@ -230,11 +242,13 @@
char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) {
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
- if (!a)
+ if (!a) {
return NULL;
+ }
if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
- !(strtmp = bignum_to_string(bntmp)))
+ !(strtmp = bignum_to_string(bntmp))) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
+ }
BN_free(bntmp);
return strtmp;
}
@@ -253,19 +267,22 @@
if (value[0] == '-') {
value++;
isneg = 1;
- } else
+ } else {
isneg = 0;
+ }
if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
value += 2;
ishex = 1;
- } else
+ } else {
ishex = 0;
+ }
- if (ishex)
+ if (ishex) {
ret = BN_hex2bn(&bn, value);
- else
+ } else {
ret = BN_dec2bn(&bn, value);
+ }
if (!ret || value[ret]) {
BN_free(bn);
@@ -273,8 +290,9 @@
return 0;
}
- if (isneg && BN_is_zero(bn))
+ if (isneg && BN_is_zero(bn)) {
isneg = 0;
+ }
aint = BN_to_ASN1_INTEGER(bn, NULL);
BN_free(bn);
@@ -282,8 +300,9 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
return 0;
}
- if (isneg)
+ if (isneg) {
aint->type |= V_ASN1_NEG;
+ }
return aint;
}
@@ -291,10 +310,12 @@
STACK_OF(CONF_VALUE) **extlist) {
char *strtmp;
int ret;
- if (!aint)
+ if (!aint) {
return 1;
- if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
+ }
+ if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) {
return 0;
+ }
ret = X509V3_add_value(name, strtmp, extlist);
OPENSSL_free(strtmp);
return ret;
@@ -302,8 +323,9 @@
int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) {
char *btmp;
- if (!(btmp = value->value))
+ if (!(btmp = value->value)) {
goto err;
+ }
if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") || !strcmp(btmp, "Y") ||
!strcmp(btmp, "y") || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
*asn1_bool = 0xff;
@@ -433,17 +455,22 @@
char *p, *q;
/* Skip over leading spaces */
p = name;
- while (*p && isspace((unsigned char)*p))
+ while (*p && isspace((unsigned char)*p)) {
p++;
- if (!*p)
+ }
+ if (!*p) {
return NULL;
+ }
q = p + strlen(p) - 1;
- while ((q != p) && isspace((unsigned char)*q))
+ while ((q != p) && isspace((unsigned char)*q)) {
q--;
- if (p != q)
+ }
+ if (p != q) {
q[1] = 0;
- if (!*p)
+ }
+ if (!*p) {
return NULL;
+ }
return p;
}
@@ -483,12 +510,14 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
return NULL;
}
- if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
+ if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) {
goto err;
+ }
for (p = (unsigned char *)str, q = hexbuf; *p;) {
ch = *p++;
- if (ch == ':')
+ if (ch == ':') {
continue;
+ }
cl = *p++;
if (!cl) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ODD_NUMBER_OF_DIGITS);
@@ -496,35 +525,39 @@
return NULL;
}
- if ((ch >= '0') && (ch <= '9'))
+ if ((ch >= '0') && (ch <= '9')) {
ch -= '0';
- else if ((ch >= 'a') && (ch <= 'f'))
+ } else if ((ch >= 'a') && (ch <= 'f')) {
ch -= 'a' - 10;
- else if ((ch >= 'A') && (ch <= 'F'))
+ } else if ((ch >= 'A') && (ch <= 'F')) {
ch -= 'A' - 10;
- else
+ } else {
goto badhex;
+ }
- if ((cl >= '0') && (cl <= '9'))
+ if ((cl >= '0') && (cl <= '9')) {
cl -= '0';
- else if ((cl >= 'a') && (cl <= 'f'))
+ } else if ((cl >= 'a') && (cl <= 'f')) {
cl -= 'a' - 10;
- else if ((cl >= 'A') && (cl <= 'F'))
+ } else if ((cl >= 'A') && (cl <= 'F')) {
cl -= 'A' - 10;
- else
+ } else {
goto badhex;
+ }
*q++ = (ch << 4) | cl;
}
- if (len)
+ if (len) {
*len = q - hexbuf;
+ }
return hexbuf;
err:
- if (hexbuf)
+ if (hexbuf) {
OPENSSL_free(hexbuf);
+ }
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
return NULL;
@@ -538,11 +571,13 @@
int len, ret;
char c;
len = strlen(cmp);
- if ((ret = strncmp(name, cmp, len)))
+ if ((ret = strncmp(name, cmp, len))) {
return ret;
+ }
c = name[len];
- if (!c || (c == '.'))
+ if (!c || (c == '.')) {
return 0;
+ }
return 1;
}
@@ -564,14 +599,16 @@
size_t i;
info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
- if (!info)
+ if (!info) {
return NULL;
+ }
for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
if (ad->location->type == GEN_URI) {
- if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
+ if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) {
break;
+ }
}
}
}
@@ -607,15 +644,18 @@
0) {
ne = X509_NAME_get_entry(name, i);
email = X509_NAME_ENTRY_get_data(ne);
- if (!append_ia5(&ret, email))
+ if (!append_ia5(&ret, email)) {
return NULL;
+ }
}
for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
gen = sk_GENERAL_NAME_value(gens, j);
- if (gen->type != GEN_EMAIL)
+ if (gen->type != GEN_EMAIL) {
continue;
- if (!append_ia5(&ret, gen->d.ia5))
+ }
+ if (!append_ia5(&ret, gen->d.ia5)) {
return NULL;
+ }
}
return ret;
}
@@ -624,20 +664,25 @@
static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) {
/* First some sanity checks */
- if (email->type != V_ASN1_IA5STRING)
+ if (email->type != V_ASN1_IA5STRING) {
return 1;
- if (email->data == NULL || email->length == 0)
+ }
+ if (email->data == NULL || email->length == 0) {
return 1;
+ }
/* |OPENSSL_STRING| cannot represent strings with embedded NULs. Do not
* report them as outputs. */
- if (OPENSSL_memchr(email->data, 0, email->length) != NULL)
+ if (OPENSSL_memchr(email->data, 0, email->length) != NULL) {
return 1;
+ }
char *emtmp = NULL;
- if (!*sk)
+ if (!*sk) {
*sk = sk_OPENSSL_STRING_new(sk_strcmp);
- if (!*sk)
+ }
+ if (!*sk) {
goto err;
+ }
emtmp = OPENSSL_strndup((char *)email->data, email->length);
if (emtmp == NULL) {
@@ -676,21 +721,26 @@
static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len,
unsigned int flags) {
- if (pattern_len != subject_len)
+ if (pattern_len != subject_len) {
return 0;
+ }
while (pattern_len) {
unsigned char l = *pattern;
unsigned char r = *subject;
/* The pattern must not contain NUL characters. */
- if (l == 0)
+ if (l == 0) {
return 0;
+ }
if (l != r) {
- if ('A' <= l && l <= 'Z')
+ if ('A' <= l && l <= 'Z') {
l = (l - 'A') + 'a';
- if ('A' <= r && r <= 'Z')
+ }
+ if ('A' <= r && r <= 'Z') {
r = (r - 'A') + 'a';
- if (l != r)
+ }
+ if (l != r) {
return 0;
+ }
}
++pattern;
++subject;
@@ -703,8 +753,9 @@
static int equal_case(const unsigned char *pattern, size_t pattern_len,
const unsigned char *subject, size_t subject_len,
unsigned int flags) {
- if (pattern_len != subject_len)
+ if (pattern_len != subject_len) {
return 0;
+ }
return !OPENSSL_memcmp(pattern, subject, pattern_len);
}
@@ -716,8 +767,9 @@
const unsigned char *b, size_t b_len,
unsigned int unused_flags) {
size_t i = a_len;
- if (a_len != b_len)
+ if (a_len != b_len) {
return 0;
+ }
/*
* We search backwards for the '@' character, so that we do not have to
* deal with quoted local-parts. The domain part is compared in a
@@ -726,13 +778,15 @@
while (i > 0) {
--i;
if (a[i] == '@' || b[i] == '@') {
- if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
+ if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0)) {
return 0;
+ }
break;
}
}
- if (i == 0)
+ if (i == 0) {
i = a_len;
+ }
return equal_case(a, i, b, i, 0);
}
@@ -749,38 +803,46 @@
const unsigned char *p;
int allow_idna = 0;
- if (subject_len < prefix_len + suffix_len)
+ if (subject_len < prefix_len + suffix_len) {
return 0;
- if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
+ }
+ if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags)) {
return 0;
+ }
wildcard_start = subject + prefix_len;
wildcard_end = subject + (subject_len - suffix_len);
- if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
+ if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags)) {
return 0;
+ }
/*
* If the wildcard makes up the entire first label, it must match at
* least one character.
*/
if (prefix_len == 0 && *suffix == '.') {
- if (wildcard_start == wildcard_end)
+ if (wildcard_start == wildcard_end) {
return 0;
+ }
allow_idna = 1;
}
/* IDNA labels cannot match partial wildcards */
if (!allow_idna && subject_len >= 4 &&
- OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0)
+ OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) {
return 0;
+ }
/* The wildcard may match a literal '*' */
- if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
+ if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') {
return 1;
+ }
/*
* Check that the part matched by the wildcard contains only
* permitted characters and only matches a single label.
*/
- for (p = wildcard_start; p != wildcard_end; ++p)
+ for (p = wildcard_start; p != wildcard_end; ++p) {
if (!(('0' <= *p && *p <= '9') || ('A' <= *p && *p <= 'Z') ||
- ('a' <= *p && *p <= 'z') || *p == '-'))
+ ('a' <= *p && *p <= 'z') || *p == '-')) {
return 0;
+ }
+ }
return 1;
}
@@ -808,39 +870,46 @@
* No wildcards in IDNA labels.
* No wildcards after the first label.
*/
- if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
+ if (star != NULL || (state & LABEL_IDNA) != 0 || dots) {
return NULL;
+ }
/* Only full-label '*.example.com' wildcards. */
- if (!atstart || !atend)
+ if (!atstart || !atend) {
return NULL;
+ }
star = &p[i];
state &= ~LABEL_START;
} else if (('a' <= p[i] && p[i] <= 'z') || ('A' <= p[i] && p[i] <= 'Z') ||
('0' <= p[i] && p[i] <= '9')) {
if ((state & LABEL_START) != 0 && len - i >= 4 &&
- OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0)
+ OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) {
state |= LABEL_IDNA;
+ }
state &= ~(LABEL_HYPHEN | LABEL_START);
} else if (p[i] == '.') {
- if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
+ if ((state & (LABEL_HYPHEN | LABEL_START)) != 0) {
return NULL;
+ }
state = LABEL_START;
++dots;
} else if (p[i] == '-') {
/* no domain/subdomain starts with '-' */
- if ((state & LABEL_START) != 0)
+ if ((state & LABEL_START) != 0) {
return NULL;
+ }
state |= LABEL_HYPHEN;
- } else
+ } else {
return NULL;
+ }
}
/*
* The final label must not end in a hyphen or ".", and
* there must be at least two dots after the star.
*/
- if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
+ if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2) {
return NULL;
+ }
return star;
}
@@ -854,10 +923,12 @@
* Subject names starting with '.' can only match a wildcard pattern
* via a subject sub-domain pattern suffix match.
*/
- if (!(subject_len > 1 && subject[0] == '.'))
+ if (!(subject_len > 1 && subject[0] == '.')) {
star = valid_star(pattern, pattern_len, flags);
- if (star == NULL)
+ }
+ if (star == NULL) {
return equal_nocase(pattern, pattern_len, subject, subject_len, flags);
+ }
return wildcard_match(pattern, star - pattern, star + 1,
(pattern + pattern_len) - star - 1, subject,
subject_len, flags);
@@ -918,23 +989,28 @@
size_t blen, char **peername) {
int rv = 0;
- if (!a->data || !a->length)
+ if (!a->data || !a->length) {
return 0;
+ }
if (cmp_type > 0) {
- if (cmp_type != a->type)
+ if (cmp_type != a->type) {
return 0;
- if (cmp_type == V_ASN1_IA5STRING)
+ }
+ if (cmp_type == V_ASN1_IA5STRING) {
rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
- else if (a->length == (int)blen && !OPENSSL_memcmp(a->data, b, blen))
+ } else if (a->length == (int)blen && !OPENSSL_memcmp(a->data, b, blen)) {
rv = 1;
- if (rv > 0 && peername)
+ }
+ if (rv > 0 && peername) {
*peername = OPENSSL_strndup((char *)a->data, a->length);
+ }
} else {
int astrlen;
unsigned char *astr;
astrlen = ASN1_STRING_to_UTF8(&astr, a);
- if (astrlen < 0)
+ if (astrlen < 0) {
return -1;
+ }
/*
* We check the common name against DNS name constraints if it passes
* |x509v3_looks_like_dns_name|. Thus we must not consider common names
@@ -945,8 +1021,9 @@
} else {
rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
}
- if (rv > 0 && peername)
+ if (rv > 0 && peername) {
*peername = OPENSSL_strndup((char *)astr, astrlen);
+ }
OPENSSL_free(astr);
}
return rv;
@@ -970,10 +1047,11 @@
} else if (check_type == GEN_DNS) {
cnid = NID_commonName;
alt_type = V_ASN1_IA5STRING;
- if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
+ if (flags & X509_CHECK_FLAG_NO_WILDCARDS) {
equal = equal_nocase;
- else
+ } else {
equal = equal_wildcard;
+ }
} else {
alt_type = V_ASN1_OCTET_STRING;
equal = equal_case;
@@ -985,26 +1063,30 @@
GENERAL_NAME *gen;
ASN1_STRING *cstr;
gen = sk_GENERAL_NAME_value(gens, i);
- if (gen->type != check_type)
+ if (gen->type != check_type) {
continue;
- if (check_type == GEN_EMAIL)
+ }
+ if (check_type == GEN_EMAIL) {
cstr = gen->d.rfc822Name;
- else if (check_type == GEN_DNS)
+ } else if (check_type == GEN_DNS) {
cstr = gen->d.dNSName;
- else
+ } else {
cstr = gen->d.iPAddress;
+ }
/* Positive on success, negative on error! */
if ((rv = do_check_string(cstr, alt_type, equal, flags, check_type, chk,
- chklen, peername)) != 0)
+ chklen, peername)) != 0) {
break;
+ }
}
GENERAL_NAMES_free(gens);
return rv;
}
/* We're done if CN-ID is not pertinent */
- if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
+ if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) {
return 0;
+ }
j = -1;
name = X509_get_subject_name(x);
@@ -1015,34 +1097,40 @@
str = X509_NAME_ENTRY_get_data(ne);
/* Positive on success, negative on error! */
if ((rv = do_check_string(str, -1, equal, flags, check_type, chk, chklen,
- peername)) != 0)
+ peername)) != 0) {
return rv;
+ }
}
return 0;
}
int X509_check_host(X509 *x, const char *chk, size_t chklen, unsigned int flags,
char **peername) {
- if (chk == NULL)
+ if (chk == NULL) {
return -2;
- if (OPENSSL_memchr(chk, '\0', chklen))
+ }
+ if (OPENSSL_memchr(chk, '\0', chklen)) {
return -2;
+ }
return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}
int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags) {
- if (chk == NULL)
+ if (chk == NULL) {
return -2;
- if (OPENSSL_memchr(chk, '\0', chklen))
+ }
+ if (OPENSSL_memchr(chk, '\0', chklen)) {
return -2;
+ }
return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
}
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags) {
- if (chk == NULL)
+ if (chk == NULL) {
return -2;
+ }
return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
}
@@ -1050,11 +1138,13 @@
unsigned char ipout[16];
size_t iplen;
- if (ipasc == NULL)
+ if (ipasc == NULL) {
return -2;
+ }
iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
- if (iplen == 0)
+ if (iplen == 0) {
return -2;
+ }
return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
}
@@ -1069,12 +1159,14 @@
int iplen;
iplen = x509v3_a2i_ipadd(ipout, ipasc);
- if (!iplen)
+ if (!iplen) {
return NULL;
+ }
ret = ASN1_OCTET_STRING_new();
- if (!ret)
+ if (!ret) {
return NULL;
+ }
if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
ASN1_OCTET_STRING_free(ret);
return NULL;
@@ -1088,40 +1180,48 @@
char *iptmp = NULL, *p;
int iplen1, iplen2;
p = strchr(ipasc, '/');
- if (!p)
+ if (!p) {
return NULL;
+ }
iptmp = OPENSSL_strdup(ipasc);
- if (!iptmp)
+ if (!iptmp) {
return NULL;
+ }
p = iptmp + (p - ipasc);
*p++ = 0;
iplen1 = x509v3_a2i_ipadd(ipout, iptmp);
- if (!iplen1)
+ if (!iplen1) {
goto err;
+ }
iplen2 = x509v3_a2i_ipadd(ipout + iplen1, p);
OPENSSL_free(iptmp);
iptmp = NULL;
- if (!iplen2 || (iplen1 != iplen2))
+ if (!iplen2 || (iplen1 != iplen2)) {
goto err;
+ }
ret = ASN1_OCTET_STRING_new();
- if (!ret)
+ if (!ret) {
goto err;
- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
+ }
+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) {
goto err;
+ }
return ret;
err:
- if (iptmp)
+ if (iptmp) {
OPENSSL_free(iptmp);
- if (ret)
+ }
+ if (ret) {
ASN1_OCTET_STRING_free(ret);
+ }
return NULL;
}
@@ -1129,23 +1229,27 @@
/* If string contains a ':' assume IPv6 */
if (strchr(ipasc, ':')) {
- if (!ipv6_from_asc(ipout, ipasc))
+ if (!ipv6_from_asc(ipout, ipasc)) {
return 0;
+ }
return 16;
} else {
- if (!ipv4_from_asc(ipout, ipasc))
+ if (!ipv4_from_asc(ipout, ipasc)) {
return 0;
+ }
return 4;
}
}
static int ipv4_from_asc(unsigned char v4[4], const char *in) {
int a0, a1, a2, a3;
- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) {
return 0;
+ }
if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) || (a2 < 0) ||
- (a2 > 255) || (a3 < 0) || (a3 > 255))
+ (a2 > 255) || (a3 < 0) || (a3 > 255)) {
return 0;
+ }
v4[0] = a0;
v4[1] = a1;
v4[2] = a2;
@@ -1174,36 +1278,43 @@
* The presence of a '::' will parse as one, two or three zero length
* elements.
*/
- if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
+ if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) {
return 0;
+ }
/* Now for some sanity checks */
if (v6stat.zero_pos == -1) {
/* If no '::' must have exactly 16 bytes */
- if (v6stat.total != 16)
+ if (v6stat.total != 16) {
return 0;
+ }
} else {
/* If '::' must have less than 16 bytes */
- if (v6stat.total == 16)
+ if (v6stat.total == 16) {
return 0;
+ }
/* More than three zeroes is an error */
- if (v6stat.zero_cnt > 3)
+ if (v6stat.zero_cnt > 3) {
return 0;
+ }
/* Can only have three zeroes if nothing else present */
else if (v6stat.zero_cnt == 3) {
- if (v6stat.total > 0)
+ if (v6stat.total > 0) {
return 0;
+ }
}
/* Can only have two zeroes if at start or end */
else if (v6stat.zero_cnt == 2) {
- if ((v6stat.zero_pos != 0) && (v6stat.zero_pos != v6stat.total))
+ if ((v6stat.zero_pos != 0) && (v6stat.zero_pos != v6stat.total)) {
return 0;
+ }
} else
/* Can only have one zero if *not* start or end */
{
- if ((v6stat.zero_pos == 0) || (v6stat.zero_pos == v6stat.total))
+ if ((v6stat.zero_pos == 0) || (v6stat.zero_pos == v6stat.total)) {
return 0;
+ }
}
}
@@ -1215,12 +1326,14 @@
/* Zero middle */
OPENSSL_memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
/* Copy final part */
- if (v6stat.total != v6stat.zero_pos)
+ if (v6stat.total != v6stat.zero_pos) {
OPENSSL_memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
v6stat.tmp + v6stat.zero_pos,
v6stat.total - v6stat.zero_pos);
- } else
+ }
+ } else {
OPENSSL_memcpy(v6, v6stat.tmp, 16);
+ }
return 1;
}
@@ -1228,31 +1341,38 @@
static int ipv6_cb(const char *elem, int len, void *usr) {
IPV6_STAT *s = usr;
/* Error if 16 bytes written */
- if (s->total == 16)
+ if (s->total == 16) {
return 0;
+ }
if (len == 0) {
/* Zero length element, corresponds to '::' */
- if (s->zero_pos == -1)
+ if (s->zero_pos == -1) {
s->zero_pos = s->total;
+ }
/* If we've already got a :: its an error */
- else if (s->zero_pos != s->total)
+ else if (s->zero_pos != s->total) {
return 0;
+ }
s->zero_cnt++;
} else {
/* If more than 4 characters could be final a.b.c.d form */
if (len > 4) {
/* Need at least 4 bytes left */
- if (s->total > 12)
+ if (s->total > 12) {
return 0;
+ }
/* Must be end of string */
- if (elem[len])
+ if (elem[len]) {
return 0;
- if (!ipv4_from_asc(s->tmp + s->total, elem))
+ }
+ if (!ipv4_from_asc(s->tmp + s->total, elem)) {
return 0;
+ }
s->total += 4;
} else {
- if (!ipv6_hex(s->tmp + s->total, elem, len))
+ if (!ipv6_hex(s->tmp + s->total, elem, len)) {
return 0;
+ }
s->total += 2;
}
}
@@ -1266,19 +1386,21 @@
static int ipv6_hex(unsigned char *out, const char *in, int inlen) {
unsigned char c;
unsigned int num = 0;
- if (inlen > 4)
+ if (inlen > 4) {
return 0;
+ }
while (inlen--) {
c = *in++;
num <<= 4;
- if ((c >= '0') && (c <= '9'))
+ if ((c >= '0') && (c <= '9')) {
num |= c - '0';
- else if ((c >= 'A') && (c <= 'F'))
+ } else if ((c >= 'A') && (c <= 'F')) {
num |= c - 'A' + 10;
- else if ((c >= 'a') && (c <= 'f'))
+ } else if ((c >= 'a') && (c <= 'f')) {
num |= c - 'a' + 10;
- else
+ } else {
return 0;
+ }
}
out[0] = num >> 8;
out[1] = num & 0xff;
@@ -1291,8 +1413,9 @@
int mval;
size_t i;
char *p, *type;
- if (!nm)
+ if (!nm) {
return 0;
+ }
for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
v = sk_CONF_VALUE_value(dn_sk, i);
@@ -1300,21 +1423,25 @@
/*
* Skip past any leading X. X: X, etc to allow for multiple instances
*/
- for (p = type; *p; p++)
+ for (p = type; *p; p++) {
if ((*p == ':') || (*p == ',') || (*p == '.')) {
p++;
- if (*p)
+ if (*p) {
type = p;
+ }
break;
}
+ }
if (*type == '+') {
mval = -1;
type++;
- } else
+ } else {
mval = 0;
+ }
if (!X509_NAME_add_entry_by_txt(nm, type, chtype, (unsigned char *)v->value,
- -1, -1, mval))
+ -1, -1, mval)) {
return 0;
+ }
}
return 1;
}
