From d924e559440ace0b2442be7fb1fdb161f95f84e1 Mon Sep 17 00:00:00 2001 From: pespacek Date: Mon, 28 Feb 2022 11:49:54 +0100 Subject: [PATCH] Improving readability of x509_crt and x509write_crt Signed-off-by: pespacek --- library/x509_crt.c | 13 ++++++------- library/x509write_crt.c | 36 ++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 14bedddbbf..d19502ce1e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2378,12 +2378,12 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm = mbedtls_psa_translate_md( crl_list->sig_md ); - if(psa_hash_compute( psa_algorithm, - crl_list->tbs.p, - crl_list->tbs.len, - hash, - sizeof( hash ), - &hash_length ) != PSA_SUCCESS ) + if( psa_hash_compute( psa_algorithm, + crl_list->tbs.p, + crl_list->tbs.len, + hash, + sizeof( hash ), + &hash_length ) != PSA_SUCCESS ) { /* Note: this can't happen except after an internal error */ flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2403,7 +2403,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( x509_profile_check_key( profile, &ca->pk ) != 0 ) flags |= MBEDTLS_X509_BADCERT_BAD_KEY; diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 07f5851bb4..0d252636b9 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -187,11 +187,12 @@ static int mbedtls_x509write_crt_set_key_identifier( mbedtls_x509write_cert #endif /* MBEDTLS_USE_PSA_CRYPTO */ memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, - buf, - is_ca ? - ctx->issuer_key : - ctx->subject_key ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_pk_write_pubkey( &c, + buf, + is_ca ? + ctx->issuer_key : + ctx->subject_key ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) 
@@ -216,8 +217,7 @@ static int mbedtls_x509write_crt_set_key_identifier( mbedtls_x509write_cert len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, tag ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, tag ) ); if( is_ca ) // writes AuthorityKeyIdentifier sequence { @@ -228,17 +228,17 @@ static int mbedtls_x509write_crt_set_key_identifier( mbedtls_x509write_cert MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); } - return mbedtls_x509write_crt_set_extension( - ctx, - is_ca ? MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER : - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - is_ca ? MBEDTLS_OID_SIZE( - MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ) : - MBEDTLS_OID_SIZE( - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), - 0, - buf + sizeof( buf ) - len, - len ); + + if( is_ca ) + return mbedtls_x509write_crt_set_extension( ctx, + MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), + 0, buf + sizeof(buf) - len, len ); + + return mbedtls_x509write_crt_set_extension( ctx, + MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), + 0, buf + sizeof(buf) - len, len ); } int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
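Review bot: The new tail of mbedtls_x509write_crt_set_key_identifier repeats the whole `mbedtls_x509write_crt_set_extension( ... )` call twice, and both copies carry the same `0, buf + sizeof(buf) - len, len` arguments. A later change to the critical flag or to the buffer arithmetic must now be made in two places, and a missed one would make the AuthorityKeyIdentifier and SubjectKeyIdentifier extensions diverge without any compile-time signal. Choosing the OID and its size under `if( is_ca )` and keeping a single call gives the same readability gain without the duplication. The added lines also write `sizeof(buf)` where the removed line used `sizeof( buf )`. The function body starts outside the hunk, so the two new locals would be declared with the others at its top.

```c
    /* declared with the other locals at the top of the function */
    const char *oid = MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER;
    size_t oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER );

    /* ... unchanged: key hashing, length/tag writes, AuthorityKeyIdentifier sequence ... */

    if( is_ca )
    {
        oid = MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER;
        oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER );
    }

    return mbedtls_x509write_crt_set_extension( ctx, oid, oid_len,
                                                0, buf + sizeof( buf ) - len, len );
```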