build: remove tautological if conditions

Spotted by LGTM.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/hello_ext.c b/lib/hello_ext.c
index 32385f4c0edfe687c7a5f48a8614e71b2744099b..bb63623efb2b7245968396cfb790b29df34fe424 100644 (file)
--- a/lib/hello_ext.c
+++ b/lib/hello_ext.c
@@ -790,7 +790,8 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_poin
                        gid = extfunc[i]->gid + 1;
        }
 
-       if (gid > GNUTLS_EXTENSION_MAX_VALUE || gid >= sizeof(extfunc)/sizeof(extfunc[0]))
+       assert(gid < sizeof(extfunc)/sizeof(extfunc[0]));
+       if (gid > GNUTLS_EXTENSION_MAX_VALUE)
                return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
        tmp_mod = gnutls_calloc(1, sizeof(*tmp_mod));

diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index 9b71853c6de0d4c4bd101d6ccf4089e090ea7f2d..6c1546ea81eca7a8c861055808127b956370e670 100644 (file)
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -165,7 +165,8 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr,
                tmp.data = NULL;
        }
 
-       if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+       assert(ret < 0);
+       if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
                gnutls_assert();
                goto cleanup;
        }

diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 570e5e425cbb6d1646e53fc98a0d1c8545e9e1af..3aa088ecff005fb944dbee3b9e0910f4394f2033 100644 (file)
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -736,11 +736,9 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
                if (ret >= 0)
                        return ret;
 
-               if (ret < 0) {
-                       gnutls_assert();
-                       saved_ret = ret;
-                       /* fall through to PKCS #8 decoding */
-               }
+               gnutls_assert();
+               saved_ret = ret;
+               /* fall through to PKCS #8 decoding */
        }
 
        if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD))

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index ac1b268f11217566a166bf753b32a7aa3ba6abf4..c7e35f7cae84fe87fed4a614b1573a05ffd8f88e 100644 (file)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1715,7 +1715,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
                        if (verify)
                                *verify |= GNUTLS_CERT_INVALID;
                        goto cleanup;
-               } else if (result >= 0) {
+               } else {
                        result = 0; /* everything ok */
                }
        }

diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index c43bb172c3b01be4e149b04639fa06cbf86b5022..41b38bd85b6bb23d9d87c9bf7961f41ffd9aeb85 100644 (file)
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -947,8 +947,9 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext,
                        break;
        }
 
+       assert(ret < 0);
        aki->cert_issuer.size = i;
-       if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+       if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
            && ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) {
                gnutls_assert();
                gnutls_free(san.data);
@@ -2864,8 +2865,9 @@ static int parse_aia(asn1_node c2, gnutls_x509_aia_t aia)
                        return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
                }
        }
-       
-       if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+
+       assert(ret < 0);
+       if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
                return ret;
        }
 

diff --git a/libdane/dane.c b/libdane/dane.c
index a7236f9f7be2213b06bd48afefbefede1d00a805..c9cbe8408a7372270e974c2c1039f123feadea39 100644 (file)
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -934,6 +934,8 @@ dane_verify_session_crt(dane_state_t s,
        const gnutls_datum_t *cert_list;
        unsigned int cert_list_size = 0;
        unsigned int type;
+       gnutls_x509_crt_t crt, ca;
+       gnutls_certificate_credentials_t sc;
        int ret;
 
        cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
@@ -944,77 +946,72 @@ dane_verify_session_crt(dane_state_t s,
        type = gnutls_certificate_type_get(session);
 
        /* this list may be incomplete, try to get the self-signed CA if any */
-       if (cert_list_size > 0) {
-               gnutls_x509_crt_t crt, ca;
-               gnutls_certificate_credentials_t sc;
-
-               ret = gnutls_x509_crt_init(&crt);
-               if (ret < 0) {
-                       gnutls_assert();
-                       goto failsafe;
-               }
-
-               ret = gnutls_x509_crt_import(crt, &cert_list[cert_list_size-1], GNUTLS_X509_FMT_DER);
-               if (ret < 0) {
-                       gnutls_assert();
-                       gnutls_x509_crt_deinit(crt);
-                       goto failsafe;
-               }
+       ret = gnutls_x509_crt_init(&crt);
+       if (ret < 0) {
+               gnutls_assert();
+               goto failsafe;
+       }
 
-               /* if it is already self signed continue normally */
-               ret = gnutls_x509_crt_check_issuer(crt, crt);
-               if (ret != 0) {
-                       gnutls_assert();
-                       gnutls_x509_crt_deinit(crt);
-                       goto failsafe;
-               }
+       ret = gnutls_x509_crt_import(crt, &cert_list[cert_list_size-1], GNUTLS_X509_FMT_DER);
+       if (ret < 0) {
+               gnutls_assert();
+               gnutls_x509_crt_deinit(crt);
+               goto failsafe;
+       }
 
-               /* chain does not finish in a self signed cert, try to obtain the issuer */
-               ret = gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void**)&sc);
-               if (ret < 0) {
-                       gnutls_assert();
-                       gnutls_x509_crt_deinit(crt);
-                       goto failsafe;
-               }
+       /* if it is already self signed continue normally */
+       ret = gnutls_x509_crt_check_issuer(crt, crt);
+       if (ret != 0) {
+               gnutls_assert();
+               gnutls_x509_crt_deinit(crt);
+               goto failsafe;
+       }
 
-               ret = gnutls_certificate_get_issuer(sc, crt, &ca, 0);
-               if (ret < 0) {
-                       gnutls_assert();
-                       gnutls_x509_crt_deinit(crt);
-                       goto failsafe;
-               }
+       /* chain does not finish in a self signed cert, try to obtain the issuer */
+       ret = gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void**)&sc);
+       if (ret < 0) {
+               gnutls_assert();
+               gnutls_x509_crt_deinit(crt);
+               goto failsafe;
+       }
 
-               /* make the new list */
-               gnutls_datum_t *new_cert_list;
+       ret = gnutls_certificate_get_issuer(sc, crt, &ca, 0);
+       if (ret < 0) {
+               gnutls_assert();
+               gnutls_x509_crt_deinit(crt);
+               goto failsafe;
+       }
 
-               new_cert_list = gnutls_malloc((cert_list_size + 1) * sizeof(gnutls_datum_t));
-               if (new_cert_list == NULL) {
-                       gnutls_assert();
-                       gnutls_x509_crt_deinit(crt);
-                       goto failsafe;
-               }
+       /* make the new list */
+       gnutls_datum_t *new_cert_list;
 
-               memcpy(new_cert_list, cert_list, cert_list_size*sizeof(gnutls_datum_t));
+       new_cert_list = gnutls_malloc((cert_list_size + 1) * sizeof(gnutls_datum_t));
+       if (new_cert_list == NULL) {
+               gnutls_assert();
+               gnutls_x509_crt_deinit(crt);
+               goto failsafe;
+       }
 
-               ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_DER, &new_cert_list[cert_list_size]);
-               if (ret < 0) {
-                       gnutls_assert();
-                       free(new_cert_list);
-                       gnutls_x509_crt_deinit(crt);
-                       goto failsafe;
-               }
+       memcpy(new_cert_list, cert_list, cert_list_size*sizeof(gnutls_datum_t));
 
-               ret = dane_verify_crt(s, new_cert_list, cert_list_size+1, type,
-                              hostname, proto, port, sflags, vflags,
-                              verify);
-               if (ret < 0) {
-                       gnutls_assert();
-               }
-               gnutls_free(new_cert_list[cert_list_size].data);
+       ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_DER, &new_cert_list[cert_list_size]);
+       if (ret < 0) {
+               gnutls_assert();
                free(new_cert_list);
-               return ret;
+               gnutls_x509_crt_deinit(crt);
+               goto failsafe;
        }
 
+       ret = dane_verify_crt(s, new_cert_list, cert_list_size+1, type,
+                             hostname, proto, port, sflags, vflags,
+                             verify);
+       if (ret < 0) {
+               gnutls_assert();
+       }
+       gnutls_free(new_cert_list[cert_list_size].data);
+       free(new_cert_list);
+       return ret;
+
  failsafe:
        return dane_verify_crt(s, cert_list, cert_list_size, type,
                               hostname, proto, port, sflags, vflags,

diff --git a/src/systemkey.c b/src/systemkey.c
index 248fcbd942c46eb4b9c3327b48adf61f42eb7dd1..d1186c59a08a6fac1c293b40cb05211921ab88ee 100644 (file)
--- a/src/systemkey.c
+++ b/src/systemkey.c
@@ -151,7 +151,7 @@ static void systemkey_list(FILE * out)
                }
        } while(ret >= 0);
 
-       if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+       if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
                if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) {
                        fprintf(stderr, "Native key store is not supported, or not present on this system\n");
                } else {