More updates following review feedback

author Matt Caswell <matt@openssl.org>

Wed, 2 Aug 2017 14:29:31 +0000 (15:29 +0100)

committer Matt Caswell <matt@openssl.org>

Mon, 21 Aug 2017 07:44:44 +0000 (08:44 +0100)
author Matt Caswell <matt@openssl.org>
Wed, 2 Aug 2017 14:29:31 +0000 (15:29 +0100)
committer Matt Caswell <matt@openssl.org>
Mon, 21 Aug 2017 07:44:44 +0000 (08:44 +0100)
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c

index bca586da84fbe0482b8c6c923839f68994bcba1f..ebb6845dbd7bc7f86deed4e30a6326f2cf631711 100644 (file)
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -805,7 +805,7 @@ static int
  doapr_outch(char **sbuffer,
              char **buffer, size_t *currlen, size_t *maxlen, int c)
  {
-    /* If we haven't at least one buffer, someone has doe a big booboo */
+    /* If we haven't at least one buffer, someone has done a big booboo */
      if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
          return 0;
  
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c

index ce8425d4d4fb7dcbde14fa4353dd813680144409..339e10c1b7c9e5cfb33cabf6078d769ffe7fb5f0 100644 (file)
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -184,7 +184,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
      int ret = 0;
  
      chunk = EVP_MD_size(md);
-    if (!ossl_assert(chunk >= 0))
+    if (!ossl_assert(chunk > 0))
          goto err;
  
      ctx = EVP_MD_CTX_new();
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c

index b45944851d4dbad463131591cf5ee26d9419b841..f83ebed175dba9ecc03049367e1b4cf3a882bfbc 100644 (file)
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -145,9 +145,6 @@ static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
      int length, tmplen;
      unsigned char *start = pp != NULL ? *pp : NULL;
  
-    if (!ossl_assert(pp == NULL || *pp != NULL))
-        return -1;
-
      /*
       * This might perturb *pp on error, but fixing that belongs in i2d_X509()
       * not here.  It should be that if a == NULL length is zero, but we check
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c

index 64d27f26e545d9e13e050afc263fd4d6bcd2176a..f4e1298ca33af50e8d6e818ea9be08fbb6eecfae 100644 (file)
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -496,8 +496,6 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
  
      for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
          f = sk_IPAddressFamily_value(addr, i);
-        if (!ossl_assert(f->addressFamily->data != NULL))
-            goto err;
          if (f->addressFamily->length == keylen &&
              !memcmp(f->addressFamily->data, key, keylen))
              return f;
@@ -1201,11 +1199,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
      } else {
          i = 0;
          x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
          if ((ext = x->rfc3779_addr) == NULL)
              goto done;
      }
@@ -1227,11 +1220,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
       */
      for (i++; i < sk_X509_num(chain); i++) {
          x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
          if (!X509v3_addr_is_canonical(x->rfc3779_addr))
              validation_err(X509_V_ERR_INVALID_EXTENSION);
          if (x->rfc3779_addr == NULL) {
@@ -1275,11 +1263,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
      /*
       * Trust anchor can't inherit.
       */
-    if (!ossl_assert(x != NULL)) {
-        if (ctx != NULL)
-            ctx->error = X509_V_ERR_UNSPECIFIED;
-        return 0;
-    }
      if (x->rfc3779_addr != NULL) {
          for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
              IPAddressFamily *fp =
@@ -1304,8 +1287,10 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
  {
      if (ctx->chain == NULL
              || sk_X509_num(ctx->chain) == 0
-            || ctx->verify_cb == NULL)
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
          return 0;
+    }
      return addr_validate_path_internal(ctx, ctx->chain, NULL);
  }
  
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c

index 66259bae1bb19e3ead1dcae46760671934ef2079..6bc4afd38cf480b292c652c4f497df5304dac480 100644 (file)
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -743,11 +743,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
      } else {
          i = 0;
          x = sk_X509_value(chain, i);
-        if (!ossl_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
          if ((ext = x->rfc3779_asid) == NULL)
              goto done;
      }
@@ -857,8 +852,10 @@ int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
  {
      if (ctx->chain == NULL
              || sk_X509_num(ctx->chain) == 0
-            || ctx->verify_cb == NULL)
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
          return 0;
+    }
      return asid_validate_path_internal(ctx, ctx->chain, NULL);
  }
author	Matt Caswell <matt@openssl.org>
	Wed, 2 Aug 2017 14:29:31 +0000 (15:29 +0100)
committer	Matt Caswell <matt@openssl.org>
	Mon, 21 Aug 2017 07:44:44 +0000 (08:44 +0100)
crypto/bio/b_print.c		patch \| blob \| blame \| history
crypto/kdf/tls1_prf.c		patch \| blob \| blame \| history
crypto/x509/x_x509.c		patch \| blob \| blame \| history
crypto/x509v3/v3_addr.c		patch \| blob \| blame \| history
crypto/x509v3/v3_asid.c		patch \| blob \| blame \| history