From 888098304b0a77aee2d5ca5951ee5fccfeb6b1c2 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 2 Aug 2017 15:29:31 +0100 Subject: [PATCH] More updates following review feedback Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/3740) --- crypto/bio/b_print.c | 2 +- crypto/kdf/tls1_prf.c | 2 +- crypto/x509/x_x509.c | 3 --- crypto/x509v3/v3_addr.c | 21 +++------------------ crypto/x509v3/v3_asid.c | 9 +++------ 5 files changed, 8 insertions(+), 29 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index bca586da84..ebb6845dbd 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -805,7 +805,7 @@ static int doapr_outch(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) { - /* If we haven't at least one buffer, someone has doe a big booboo */ + /* If we haven't at least one buffer, someone has done a big booboo */ if (!ossl_assert(*sbuffer != NULL || buffer != NULL)) return 0; diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index ce8425d4d4..339e10c1b7 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -184,7 +184,7 @@ static int tls1_prf_P_hash(const EVP_MD *md, int ret = 0; chunk = EVP_MD_size(md); - if (!ossl_assert(chunk >= 0)) + if (!ossl_assert(chunk > 0)) goto err; ctx = EVP_MD_CTX_new(); diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index b45944851d..f83ebed175 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -145,9 +145,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) int length, tmplen; unsigned char *start = pp != NULL ? *pp : NULL; - if (!ossl_assert(pp == NULL || *pp != NULL)) - return -1; - /* * This might perturb *pp on error, but fixing that belongs in i2d_X509() * not here. It should be that if a == NULL length is zero, but we check diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 64d27f26e5..f4e1298ca3 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -496,8 +496,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { f = sk_IPAddressFamily_value(addr, i); - if (!ossl_assert(f->addressFamily->data != NULL)) - goto err; if (f->addressFamily->length == keylen && !memcmp(f->addressFamily->data, key, keylen)) return f; @@ -1201,11 +1199,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - if (!ossl_assert(x != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } if ((ext = x->rfc3779_addr) == NULL) goto done; } @@ -1227,11 +1220,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, */ for (i++; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); - if (!ossl_assert(x != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } if (!X509v3_addr_is_canonical(x->rfc3779_addr)) validation_err(X509_V_ERR_INVALID_EXTENSION); if (x->rfc3779_addr == NULL) { @@ -1275,11 +1263,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, /* * Trust anchor can't inherit. */ - if (!ossl_assert(x != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } if (x->rfc3779_addr != NULL) { for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { IPAddressFamily *fp = @@ -1304,8 +1287,10 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx) { if (ctx->chain == NULL || sk_X509_num(ctx->chain) == 0 - || ctx->verify_cb == NULL) + || ctx->verify_cb == NULL) { + ctx->error = X509_V_ERR_UNSPECIFIED; return 0; + } return addr_validate_path_internal(ctx, ctx->chain, NULL); } diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 66259bae1b..6bc4afd38c 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -743,11 +743,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, } else { i = 0; x = sk_X509_value(chain, i); - if (!ossl_assert(x != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } if ((ext = x->rfc3779_asid) == NULL) goto done; } @@ -857,8 +852,10 @@ int X509v3_asid_validate_path(X509_STORE_CTX *ctx) { if (ctx->chain == NULL || sk_X509_num(ctx->chain) == 0 - || ctx->verify_cb == NULL) + || ctx->verify_cb == NULL) { + ctx->error = X509_V_ERR_UNSPECIFIED; return 0; + } return asid_validate_path_internal(ctx, ctx->chain, NULL); } -- 2.25.1