From: Matt Caswell <matt@openssl.org>
Date: Wed, 2 Aug 2017 14:29:31 +0000 (+0100)
Subject: More updates following review feedback
X-Git-Tag: OpenSSL_1_1_1-pre1~802
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=888098304b0a77aee2d5ca5951ee5fccfeb6b1c2

More updates following review feedback

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3740)
---

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index bca586da84..ebb6845dbd 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -805,7 +805,7 @@ static int
 doapr_outch(char **sbuffer,
             char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
-    /* If we haven't at least one buffer, someone has doe a big booboo */
+    /* If we haven't at least one buffer, someone has done a big booboo */
     if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
         return 0;
 
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index ce8425d4d4..339e10c1b7 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -184,7 +184,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     int ret = 0;
 
     chunk = EVP_MD_size(md);
-    if (!ossl_assert(chunk >= 0))
+    if (!ossl_assert(chunk > 0))
         goto err;
 
     ctx = EVP_MD_CTX_new();
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index b45944851d..f83ebed175 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -145,9 +145,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
     int length, tmplen;
     unsigned char *start = pp != NULL ? *pp : NULL;
 
-    if (!ossl_assert(pp == NULL || *pp != NULL))
-        return -1;
-
     /*
      * This might perturb *pp on error, but fixing that belongs in i2d_X509()
      * not here.  It should be that if a == NULL length is zero, but we check
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 64d27f26e5..f4e1298ca3 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -496,8 +496,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 
     for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
         f = sk_IPAddressFamily_value(addr, i);
-        if (!ossl_assert(f->addressFamily->data != NULL))
-            goto err;
         if (f->addressFamily->length == keylen &&
             !memcmp(f->addressFamily->data, key, keylen))
             return f;
@@ -1201,11 +1199,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
         if ((ext = x->rfc3779_addr) == NULL)
             goto done;
     }
@@ -1227,11 +1220,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
         if (!X509v3_addr_is_canonical(x->rfc3779_addr))
             validation_err(X509_V_ERR_INVALID_EXTENSION);
         if (x->rfc3779_addr == NULL) {
@@ -1275,11 +1263,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    if (!ossl_assert(x != NULL)) {
-        if (ctx != NULL)
-            ctx->error = X509_V_ERR_UNSPECIFIED;
-        return 0;
-    }
     if (x->rfc3779_addr != NULL) {
         for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
             IPAddressFamily *fp =
@@ -1304,8 +1287,10 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
 {
     if (ctx->chain == NULL
             || sk_X509_num(ctx->chain) == 0
-            || ctx->verify_cb == NULL)
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
         return 0;
+    }
     return addr_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 66259bae1b..6bc4afd38c 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -743,11 +743,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     } else {
         i = 0;
         x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
         if ((ext = x->rfc3779_asid) == NULL)
             goto done;
     }
@@ -857,8 +852,10 @@ int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
 {
     if (ctx->chain == NULL
             || sk_X509_num(ctx->chain) == 0
-            || ctx->verify_cb == NULL)
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
         return 0;
+    }
     return asid_validate_path_internal(ctx, ctx->chain, NULL);
 }