From f93cbd267443e27e9b5e3a53742fb0f20cf6a5ea Mon Sep 17 00:00:00 2001 From: Xiaofei Bai Date: Fri, 29 Oct 2021 02:39:30 +0000 Subject: [PATCH] fix some format issues Signed-off-by: Xiaofei Bai --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 14 ++++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index f1a31cab6..0fb09c4ce 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1572,7 +1572,7 @@ static int ssl_tls1_3_process_server_certificate( mbedtls_ssl_context *ssl ) int ret; ret = mbedtls_ssl_tls13_process_certificate( ssl ); - if( ret != 0) + if( ret != 0 ) return( ret ); mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_CERTIFICATE_VERIFY ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 9e643d478..c8601ce17 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -311,9 +311,7 @@ static int ssl_tls13_parse_certificate( mbedtls_ssl_context *ssl, size_t cert_data_len, extensions_len; MBEDTLS_SSL_CHK_BUF_READ_PTR( p, certificate_list_end, 3 ); - cert_data_len = ( ( size_t )p[0] << 16 ) | - ( ( size_t )p[1] << 8 ) | - ( ( size_t )p[2] ); + cert_data_len = MBEDTLS_GET_UINT24_BE( p, 0 ); p += 3; /* In theory, the CRT can be up to 2^24 Bytes, but we don't support @@ -483,11 +481,11 @@ static int ssl_tls13_validate_certificate( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED, ret ); else if( verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_BAD_CERT, ret ); - else if( ( verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) || - ( verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) || - ( verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) || - ( verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) || - ( verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) ) + else if( verify_result & ( MBEDTLS_X509_BADCERT_KEY_USAGE | + MBEDTLS_X509_BADCERT_EXT_KEY_USAGE | + MBEDTLS_X509_BADCERT_NS_CERT_TYPE | + MBEDTLS_X509_BADCERT_BAD_PK | + MBEDTLS_X509_BADCERT_BAD_KEY ) ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT, ret ); else if( verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED, ret );