From a707e1d1ef5398c6a6208184ac116e385d0a2ad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 5 Jul 2017 17:18:42 +0200
Subject: [PATCH] Extract code to separate function for readablity
---
 library/x509_crt.c | 48 ++++++++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 291f71419..676dcfb43 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2239,6 +2239,36 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt,
 }
 }
 
+/*
+ * Merge the flags for all certs in the chain, after calling callback
+ */
+static int x509_crt_merge_flags_with_cb(
+ uint32_t *flags,
+ x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE],
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+ void *p_vrfy )
+{
+ int ret;
+ size_t i, j;
+ uint32_t cur_flags;
+
+ for( i = X509_MAX_VERIFY_CHAIN_SIZE; i != 0; --i )
+ {
+ if( ver_chain[i-1].crt == NULL )
+ continue;
+
+ cur_flags = ver_chain[i-1].flags;
+
+ if( NULL != f_vrfy )
+ if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 )
+ return( ret );
+
+ *flags |= cur_flags;
+ }
+
+ return( 0 );
+}
+
 /*
 * Verify the certificate validity
 */
@@ -2272,8 +2302,6 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 int ret;
 mbedtls_pk_type_t pk_type;
 x509_crt_verify_chain_item ver_chain[X509_MAX_VERIFY_CHAIN_SIZE];
- size_t i;
- uint32_t cur_flags;
 uint32_t *ee_flags = &ver_chain[0].flags;
 
 *flags = 0;
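Review bot: In the new `x509_crt_merge_flags_with_cb`, the declaration `size_t i, j;` introduces `j`, which nothing in the function uses, so a build with unused-variable warnings treated as errors will fail; it should be `size_t i;`. The header comment should also state the contract callers rely on: flags are OR-ed into `*flags` from the highest populated chain index down to index 0, and a non-zero return from `f_vrfy` stops the merge early, so `*flags` is only partially merged and must not be trusted when the function returns non-zero. Separately, `i-1` is a `size_t` passed as the callback's `int` depth argument; writing `(int) ( i - 1 )` would make that narrowing explicit.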
@@ -2303,20 +2331,8 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
 if( ret != 0 )
 goto exit;
 
- /* Build final flags, calling calback on the way if any */
- for( i = X509_MAX_VERIFY_CHAIN_SIZE; i != 0; --i )
- {
- if( ver_chain[i-1].crt == NULL )
- continue;
-
- cur_flags = ver_chain[i-1].flags;
-
- if( NULL != f_vrfy )
- if( ( ret = f_vrfy( p_vrfy, ver_chain[i-1].crt, i-1, &cur_flags ) ) != 0 )
- goto exit;
-
- *flags |= cur_flags;
- }
+ /* Build final flags, calling callback on the way if any */
+ ret = x509_crt_merge_flags_with_cb( flags, ver_chain, f_vrfy, p_vrfy );
 
 exit:
 /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
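Review bot: The return value of `x509_crt_merge_flags_with_cb` now reaches `exit:` only by fall-through, whereas the removed loop jumped there with `goto exit` on a callback error, as the `if( ret != 0 ) goto exit;` check just above still does. The two are equivalent as the code stands, but any statement later inserted between the call and the label would run after a failed callback, in a function whose exit path appears to decide how a callback failure is reported. Adding `if( ret != 0 ) goto exit;` directly after the call keeps the error path explicit and consistent with the preceding check. The enclosing function begins and ends outside this hunk.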