Fix X509_STORE_CTX_init. Make indentation more consistent. Dump core less often.

crypto/x509/x509_vfy.c

@@ -322,10 +322,12 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
 	int i;
 	X509 *issuer;
-	for(i = 0; i < sk_X509_num(sk); i++) {
+	for(i = 0; i < sk_X509_num(sk); i++)
+		{
 		issuer = sk_X509_value(sk, i);
-		if(ctx->check_issued(ctx, x, issuer)) return issuer;
+		if(ctx->check_issued(ctx, x, issuer))
-	}
+			return issuer;
+		}
 	return NULL;
 }
 
@@ -335,15 +337,18 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
 	int ret;
 	ret = X509_check_issued(issuer, x);
-	if(ret == X509_V_OK) return 1;
+	if (ret == X509_V_OK)
-	else {
+		return 1;
-			ctx->error = ret;
+	else
-			ctx->current_cert = x;
+		{
-			ctx->current_issuer = issuer;
+		ctx->error = ret;
-			if(ctx->flags &	X509_V_FLAG_CB_ISSUER_CHECK)
+		ctx->current_cert = x;
-				return ctx->verify_cb(0, ctx);
+		ctx->current_issuer = issuer;
-			else return 0;
+		if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
-	}
+			return ctx->verify_cb(0, ctx);
+		else
+			return 0;
+		}
 	return 0;
 }
 
@@ -352,10 +357,13 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
 	*issuer = find_issuer(ctx, ctx->other_ctx, x);
-	if(*issuer) {
+	if (*issuer)
+		{
 		CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
 		return 1;
-	} else return 0;
+		}
+	else
+		return 0;
 }
 	
 
@@ -374,28 +382,33 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
 	cb=ctx->verify_cb;
 	if (cb == NULL) cb=null_callback;
 	/* Check all untrusted certificates */
-	for(i = 0; i < ctx->last_untrusted; i++) {
+	for(i = 0; i < ctx->last_untrusted; i++)
+		{
 		x = sk_X509_value(ctx->chain, i);
-		if(!X509_check_purpose(x, ctx->purpose, i)) {
+		if (!X509_check_purpose(x, ctx->purpose, i))
-			if(i) ctx->error = X509_V_ERR_INVALID_CA;
+			{
-			else ctx->error = X509_V_ERR_INVALID_PURPOSE;
+			if (i)
+				ctx->error = X509_V_ERR_INVALID_CA;
+			else
+				ctx->error = X509_V_ERR_INVALID_PURPOSE;
 			ctx->error_depth = i;
 			ctx->current_cert = x;
 			ok=cb(0,ctx);
-			if(!ok) goto end;
+			if (!ok) goto end;
-		}
+			}
 		/* Check pathlen */
 		if((i > 1) && (x->ex_pathlen != -1)
-					&& (i > (x->ex_pathlen + 1))) {
+			   && (i > (x->ex_pathlen + 1)))
+			{
 			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
 			ctx->error_depth = i;
 			ctx->current_cert = x;
 			ok=cb(0,ctx);
-			if(!ok) goto end;
+			if (!ok) goto end;
+			}
 		}
-	}
 	ok = 1;
-	end:
+ end:
 	return(ok);
 #endif
 }
@@ -414,11 +427,14 @@ static int check_trust(X509_STORE_CTX *ctx)
 	i = sk_X509_num(ctx->chain) - 1;
 	x = sk_X509_value(ctx->chain, i);
 	ok = X509_check_trust(x, ctx->trust, 0);
-	if(ok == X509_TRUST_TRUSTED) return 1;
+	if (ok == X509_TRUST_TRUSTED)
+		return 1;
 	ctx->error_depth = sk_X509_num(ctx->chain) - 1;
 	ctx->current_cert = x;
-	if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
+	if (ok == X509_TRUST_REJECTED)
-	else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+		ctx->error = X509_V_ERR_CERT_REJECTED;
+	else
+		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
 	ok = cb(0, ctx);
 	return(ok);
 #endif
@@ -439,8 +455,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
 	ctx->error_depth=n-1;
 	n--;
 	xi=sk_X509_value(ctx->chain,n);
-	if(ctx->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->check_time;
+	if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
-	else ptime = NULL;
+		ptime = &ctx->check_time;
+	else
+		ptime = NULL;
 	if (ctx->check_issued(ctx, xi, xi))
 		xs=xi;
 	else
@@ -557,17 +575,20 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 	p=buff1;
 	i=ctm->length;
 	str=(char *)ctm->data;
-	if(ctm->type == V_ASN1_UTCTIME) {
+	if (ctm->type == V_ASN1_UTCTIME)
+		{
 		if ((i < 11) || (i > 17)) return(0);
 		memcpy(p,str,10);
 		p+=10;
 		str+=10;
-	} else {
+		}
-		if(i < 13) return 0;
+	else
+		{
+		if (i < 13) return 0;
 		memcpy(p,str,12);
 		p+=12;
 		str+=12;
-	}
+		}
 
 	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
 		{ *(p++)='0'; *(p++)='0'; }
@@ -576,13 +597,13 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 		*(p++)= *(str++);
 		*(p++)= *(str++);
 		/* Skip any fractional seconds... */
-		if(*str == '.')
+		if (*str == '.')
 			{
 			str++;
 			while((*str >= '0') && (*str <= '9')) str++;
 			}
-
+		
-	}
+		}
 	*(p++)='Z';
 	*(p++)='\0';
 
@@ -730,10 +751,11 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
 	X509 *x;
 	STACK_OF(X509) *chain;
 	if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-	for(i = 0; i < sk_X509_num(chain); i++) {
+	for(i = 0; i < sk_X509_num(chain); i++)
+		{
 		x = sk_X509_value(chain, i);
 		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-	}
+		}
 	return(chain);
 	}
 
@@ -772,37 +794,43 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 {
 	int idx;
 	/* If purpose not set use default */
-	if(!purpose) purpose = def_purpose;
+	if (!purpose) purpose = def_purpose;
 	/* If we have a purpose then check it is valid */
-	if(purpose) {
+	if (purpose)
+		{
 		X509_PURPOSE *ptmp;
 		idx = X509_PURPOSE_get_by_id(purpose);
-		if(idx == -1) {
+		if(idx == -1)
+			{
 			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
 						X509_R_UNKNOWN_PURPOSE_ID);
 			return 0;
-		}
+			}
 		ptmp = X509_PURPOSE_get0(idx);
-		if(ptmp->trust == X509_TRUST_DEFAULT) {
+		if(ptmp->trust == X509_TRUST_DEFAULT)
+			{
 			idx = X509_PURPOSE_get_by_id(def_purpose);
-			if(idx == -1) {
+			if(idx == -1)
+				{
 				X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
 						X509_R_UNKNOWN_PURPOSE_ID);
 				return 0;
-			}
+				}
 			ptmp = X509_PURPOSE_get0(idx);
-		}
+			}
 		/* If trust not set then get from purpose default */
 		if(!trust) trust = ptmp->trust;
-	}
+		}
-	if(trust) {
+	if(trust)
+		{
 		idx = X509_TRUST_get_by_id(trust);
-		if(idx == -1) {
+		if(idx == -1)
+			{
 			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
 						X509_R_UNKNOWN_TRUST_ID);
 			return 0;
+			}
 		}
-	}
 
 	if(purpose) ctx->purpose = purpose;
 	if(trust) ctx->trust = trust;
@@ -813,7 +841,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
 	X509_STORE_CTX *ctx;
 	ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-	if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+	if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
 	return ctx;
 }
 
@@ -833,17 +861,21 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	ctx->last_untrusted=0;
 	ctx->purpose=0;
 	ctx->trust=0;
+	ctx->check_time=0;
+	ctx->flags=0;
+	ctx->other_ctx=NULL;
 	ctx->valid=0;
 	ctx->chain=NULL;
 	ctx->depth=9;
 	ctx->error=0;
+	ctx->error_depth=0;
 	ctx->current_cert=NULL;
 	ctx->current_issuer=NULL;
 	ctx->check_issued = check_issued;
 	ctx->get_issuer = X509_STORE_CTX_get1_issuer;
 	ctx->verify_cb = store->verify_cb;
 	ctx->verify = store->verify;
-	ctx->cleanup = NULL;
+	ctx->cleanup = 0;
 	memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
 	}
 

crypto/x509/x509_vfy.h

@@ -154,7 +154,7 @@ typedef struct x509_lookup_method_st
 			    X509_OBJECT *ret);
 	} X509_LOOKUP_METHOD;
 
-typedef struct x509_store_state_st X509_STORE_CTX;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
 
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
@@ -194,7 +194,7 @@ struct x509_lookup_st
 /* This is a used when verifying cert chains.  Since the
  * gathering of the cert chain can take some time (and have to be
  * 'retried', this needs to be kept and passed around. */
-struct x509_store_state_st      /* X509_STORE_CTX */
+struct x509_store_ctx_st      /* X509_STORE_CTX */
 	{
 	X509_STORE *ctx;
 	int current_method;	/* used when looking up certs */