More updates following review feedback
authorMatt Caswell <matt@openssl.org>
Wed, 2 Aug 2017 14:29:31 +0000 (15:29 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 21 Aug 2017 07:44:44 +0000 (08:44 +0100)
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)

crypto/bio/b_print.c
crypto/kdf/tls1_prf.c
crypto/x509/x_x509.c
crypto/x509v3/v3_addr.c
crypto/x509v3/v3_asid.c

index bca586da84fbe0482b8c6c923839f68994bcba1f..ebb6845dbd7bc7f86deed4e30a6326f2cf631711 100644 (file)
@@ -805,7 +805,7 @@ static int
 doapr_outch(char **sbuffer,
             char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
-    /* If we haven't at least one buffer, someone has doe a big booboo */
+    /* If we haven't at least one buffer, someone has done a big booboo */
     if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
         return 0;
 
index ce8425d4d4fb7dcbde14fa4353dd813680144409..339e10c1b7c9e5cfb33cabf6078d769ffe7fb5f0 100644 (file)
@@ -184,7 +184,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     int ret = 0;
 
     chunk = EVP_MD_size(md);
-    if (!ossl_assert(chunk >= 0))
+    if (!ossl_assert(chunk > 0))
         goto err;
 
     ctx = EVP_MD_CTX_new();
index b45944851d4dbad463131591cf5ee26d9419b841..f83ebed175dba9ecc03049367e1b4cf3a882bfbc 100644 (file)
@@ -145,9 +145,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
     int length, tmplen;
     unsigned char *start = pp != NULL ? *pp : NULL;
 
-    if (!ossl_assert(pp == NULL || *pp != NULL))
-        return -1;
-
     /*
      * This might perturb *pp on error, but fixing that belongs in i2d_X509()
      * not here.  It should be that if a == NULL length is zero, but we check
index 64d27f26e545d9e13e050afc263fd4d6bcd2176a..f4e1298ca33af50e8d6e818ea9be08fbb6eecfae 100644 (file)
@@ -496,8 +496,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
         f = sk_IPAddressFamily_value(addr, i);
-        if (!ossl_assert(f->addressFamily->data != NULL))
-            goto err;
         if (f->addressFamily->length == keylen &&
             !memcmp(f->addressFamily->data, key, keylen))
             return f;
@@ -1201,11 +1199,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
         if ((ext = x->rfc3779_addr) == NULL)
             goto done;
     }
@@ -1227,11 +1220,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
         if (!X509v3_addr_is_canonical(x->rfc3779_addr))
             validation_err(X509_V_ERR_INVALID_EXTENSION);
         if (x->rfc3779_addr == NULL) {
@@ -1275,11 +1263,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    if (!ossl_assert(x != NULL)) {
-        if (ctx != NULL)
-            ctx->error = X509_V_ERR_UNSPECIFIED;
-        return 0;
-    }
     if (x->rfc3779_addr != NULL) {
         for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
             IPAddressFamily *fp =
@@ -1304,8 +1287,10 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
 {
     if (ctx->chain == NULL
             || sk_X509_num(ctx->chain) == 0
-            || ctx->verify_cb == NULL)
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
         return 0;
+    }
     return addr_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
index 66259bae1bb19e3ead1dcae46760671934ef2079..6bc4afd38cf480b292c652c4f497df5304dac480 100644 (file)
@@ -743,11 +743,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
         if ((ext = x->rfc3779_asid) == NULL)
             goto done;
     }
@@ -857,8 +852,10 @@ int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
 {
     if (ctx->chain == NULL
             || sk_X509_num(ctx->chain) == 0
-            || ctx->verify_cb == NULL)
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
         return 0;
+    }
     return asid_validate_path_internal(ctx, ctx->chain, NULL);
 }