Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_addr.c')
-rw-r--r--src/lib/libcrypto/x509v3/v3_addr.c33
1 files changed, 14 insertions, 19 deletions
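diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index efdf7c3ba7..a37f844d3c 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -61,7 +61,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-
+#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -128,7 +128,7 @@ static int length_from_afi(const unsigned afi)
 /*
   * Extract the AFI from an IPAddressFamily.
   */
-unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+unsigned v3_addr_get_afi(const IPAddressFamily *f)
 {
   return ((f != NULL &&
   f->addressFamily != NULL &&
@@ -147,7 +147,7 @@ static void addr_expand(unsigned char *addr,
   const int length,
   const unsigned char fill)
 {
- OPENSSL_assert(bs->length >= 0 && bs->length <= length);
+ assert(bs->length >= 0 && bs->length <= length);
   if (bs->length > 0) {
   memcpy(addr, bs->data, bs->length);
   if ((bs->flags & 7) != 0) {
@@ -190,8 +190,6 @@ static int i2r_address(BIO *out,
   BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
   if (i < 16)
   BIO_puts(out, ":");
- if (i == 0)
- BIO_puts(out, ":");
   break;
   default:
   for (i = 0; i < bs->length; i++)
@@ -245,7 +243,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
   int i;
   for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
   IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- const unsigned int afi = v3_addr_get_afi(f);
+ const unsigned afi = v3_addr_get_afi(f);
   switch (afi) {
   case IANA_AFI_IPV4:
   BIO_printf(out, "%*sIPv4", indent, "");
@@ -455,7 +453,7 @@ static int make_addressRange(IPAddressOrRange **result,
   if ((aor = IPAddressOrRange_new()) == NULL)
   return 0;
   aor->type = IPAddressOrRange_addressRange;
- OPENSSL_assert(aor->u.addressRange == NULL);
+ assert(aor->u.addressRange == NULL);
   if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
   goto err;
   if (aor->u.addressRange->min == NULL &&
@@ -524,7 +522,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
 
   for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
   f = sk_IPAddressFamily_value(addr, i);
- OPENSSL_assert(f->addressFamily->data != NULL);
+ assert(f->addressFamily->data != NULL);
   if (f->addressFamily->length == keylen &&
   !memcmp(f->addressFamily->data, key, keylen))
   return f;
@@ -656,7 +654,7 @@ static void extract_min_max(IPAddressOrRange *aor,
   unsigned char *max,
   int length)
 {
- OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+ assert(aor != NULL && min != NULL && max != NULL);
   switch (aor->type) {
   case IPAddressOrRange_addressPrefix:
   addr_expand(min, aor->u.addressPrefix, length, 0x00);
@@ -882,7 +880,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
   }
   (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
   sk_IPAddressFamily_sort(addr);
- OPENSSL_assert(v3_addr_is_canonical(addr));
+ assert(v3_addr_is_canonical(addr));
   return 1;
 }
 
@@ -1129,10 +1127,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
   for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
   IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
   int j = sk_IPAddressFamily_find(b, fa);
- IPAddressFamily *fb;
- fb = sk_IPAddressFamily_value(b, j);
- if (fb == NULL)
- return 0;
+ IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
   if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
   fa->ipAddressChoice->u.addressesOrRanges,
   length_from_afi(v3_addr_get_afi(fb))))
@@ -1169,9 +1164,9 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
   int i, j, ret = 1;
   X509 *x = NULL;
 
- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
- OPENSSL_assert(ctx != NULL || ext != NULL);
- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+ assert(chain != NULL && sk_X509_num(chain) > 0);
+ assert(ctx != NULL || ext != NULL);
+ assert(ctx == NULL || ctx->verify_cb != NULL);
 
   /*
   * Figure out where to start. If we don't have an extension to
@@ -1183,7 +1178,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
   } else {
   i = 0;
   x = sk_X509_value(chain, i);
- OPENSSL_assert(x != NULL);
+ assert(x != NULL);
   if ((ext = x->rfc3779_addr) == NULL)
   goto done;
   }
@@ -1202,7 +1197,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
   */
   for (i++; i < sk_X509_num(chain); i++) {
   x = sk_X509_value(chain, i);
- OPENSSL_assert(x != NULL);
+ assert(x != NULL);
   if (!v3_addr_is_canonical(x->rfc3779_addr))
   validation_err(X509_V_ERR_INVALID_EXTENSION);
   if (x->rfc3779_addr == NULL) {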
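Review bot: In the v3_addr_subset hunk, the new side dereferences `fb` in `addr_contains(fb->ipAddressChoice->u.addressesOrRanges, ...)` with no NULL check, although `sk_IPAddressFamily_find(b, fa)` returns -1 when `b` holds no family matching `fa` and `sk_IPAddressFamily_value(b, -1)` then yields NULL. Keep the guard the old side had, `if (fb == NULL) return 0;`, directly after the declaration, so that a family missing from `b` is reported as "not a subset" instead of crashing. The hunks that swap `OPENSSL_assert` for `assert` raise a related concern: `assert` is compiled out under `NDEBUG`, so in addr_expand the `bs->length <= length` bound in front of `memcpy(addr, bs->data, bs->length)` is not enforced in such a build. An explicit length check that fails the operation would not depend on build flags. Both v3_addr_subset and addr_expand continue outside their hunks, so whether callers pre-validate these values cannot be confirmed from here.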