More updates following review feedback (88809830) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/bio/b_print.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -805,7 +805,7 @@ static int
		doapr_outch(char **sbuffer,
		char *buffer, size_t currlen, size_t *maxlen, int c)
		{
		/* If we haven't at least one buffer, someone has doe a big booboo */
		/* If we haven't at least one buffer, someone has done a big booboo */
		if (!ossl_assert(*sbuffer != NULL \|\| buffer != NULL))
		return 0;

crypto/kdf/tls1_prf.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -184,7 +184,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
		int ret = 0;

		chunk = EVP_MD_size(md);
		if (!ossl_assert(chunk >= 0))
		if (!ossl_assert(chunk > 0))
		goto err;

		ctx = EVP_MD_CTX_new();

crypto/x509/x_x509.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -145,9 +145,6 @@ static int i2d_x509_aux_internal(X509 a, unsigned char *pp)
		int length, tmplen;
		unsigned char start = pp != NULL ? pp : NULL;

		if (!ossl_assert(pp == NULL \|\| *pp != NULL))
		return -1;

		/*
		* This might perturb *pp on error, but fixing that belongs in i2d_X509()
		* not here. It should be that if a == NULL length is zero, but we check

crypto/x509v3/v3_addr.c

+3 −18

Original line number	Diff line number	Diff line
		@@ -496,8 +496,6 @@ static IPAddressFamily make_IPAddressFamily(IPAddrBlocks addr,

		for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
		f = sk_IPAddressFamily_value(addr, i);
		if (!ossl_assert(f->addressFamily->data != NULL))
		goto err;
		if (f->addressFamily->length == keylen &&
		!memcmp(f->addressFamily->data, key, keylen))
		return f;
		@@ -1201,11 +1199,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
		} else {
		i = 0;
		x = sk_X509_value(chain, i);
		if (!ossl_assert(x != NULL)) {
		if (ctx != NULL)
		ctx->error = X509_V_ERR_UNSPECIFIED;
		return 0;
		}
		if ((ext = x->rfc3779_addr) == NULL)
		goto done;
		}
		@@ -1227,11 +1220,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
		*/
		for (i++; i < sk_X509_num(chain); i++) {
		x = sk_X509_value(chain, i);
		if (!ossl_assert(x != NULL)) {
		if (ctx != NULL)
		ctx->error = X509_V_ERR_UNSPECIFIED;
		return 0;
		}
		if (!X509v3_addr_is_canonical(x->rfc3779_addr))
		validation_err(X509_V_ERR_INVALID_EXTENSION);
		if (x->rfc3779_addr == NULL) {
		@@ -1275,11 +1263,6 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
		/*
		* Trust anchor can't inherit.
		*/
		if (!ossl_assert(x != NULL)) {
		if (ctx != NULL)
		ctx->error = X509_V_ERR_UNSPECIFIED;
		return 0;
		}
		if (x->rfc3779_addr != NULL) {
		for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
		IPAddressFamily *fp =
		@@ -1304,8 +1287,10 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
		{
		if (ctx->chain == NULL
		\|\| sk_X509_num(ctx->chain) == 0
		\|\| ctx->verify_cb == NULL)
		\|\| ctx->verify_cb == NULL) {
		ctx->error = X509_V_ERR_UNSPECIFIED;
		return 0;
		}
		return addr_validate_path_internal(ctx, ctx->chain, NULL);
		}

crypto/x509v3/v3_asid.c

+3 −6

Original line number	Diff line number	Diff line
		@@ -743,11 +743,6 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
		} else {
		i = 0;
		x = sk_X509_value(chain, i);
		if (!ossl_assert(x != NULL)) {
		if (ctx != NULL)
		ctx->error = X509_V_ERR_UNSPECIFIED;
		return 0;
		}
		if ((ext = x->rfc3779_asid) == NULL)
		goto done;
		}
		@@ -857,8 +852,10 @@ int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
		{
		if (ctx->chain == NULL
		\|\| sk_X509_num(ctx->chain) == 0
		\|\| ctx->verify_cb == NULL)
		\|\| ctx->verify_cb == NULL) {
		ctx->error = X509_V_ERR_UNSPECIFIED;
		return 0;
		}
		return asid_validate_path_internal(ctx, ctx->chain, NULL);
		}