diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_addr.c | 13 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_asid.c | 39 |
2 files changed, 17 insertions, 35 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index 7a35b21332..0781ce37a9 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c | |||
| @@ -1063,8 +1063,7 @@ int X509v3_addr_canonize(IPAddrBlocks *addr) | |||
| 1063 | } | 1063 | } |
| 1064 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); | 1064 | (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); |
| 1065 | sk_IPAddressFamily_sort(addr); | 1065 | sk_IPAddressFamily_sort(addr); |
| 1066 | if (!OPENSSL_assert(X509v3_addr_is_canonical(addr))) | 1066 | OPENSSL_assert(X509v3_addr_is_canonical(addr)); |
| 1067 | return 0; | ||
| 1068 | return 1; | 1067 | return 1; |
| 1069 | } | 1068 | } |
| 1070 | 1069 | ||
| @@ -1362,13 +1361,9 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1362 | int i, j, ret = 1; | 1361 | int i, j, ret = 1; |
| 1363 | X509 *x; | 1362 | X509 *x; |
| 1364 | 1363 | ||
| 1365 | if (!OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0) | 1364 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); |
| 1366 | || !OPENSSL_assert(ctx != NULL || ext != NULL) | 1365 | OPENSSL_assert(ctx != NULL || ext != NULL); |
| 1367 | || !OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL)) { | 1366 | OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); |
| 1368 | if (ctx != NULL) | ||
| 1369 | ctx->error = X509_V_ERR_UNSPECIFIED; | ||
| 1370 | return 0; | ||
| 1371 | } | ||
| 1372 | 1367 | ||
| 1373 | /* | 1368 | /* |
| 1374 | * Figure out where to start. If we don't have an extension to | 1369 | * Figure out where to start. If we don't have an extension to |
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c index 9a0992b8a6..e774b097dc 100644 --- a/src/lib/libcrypto/x509/x509_asid.c +++ b/src/lib/libcrypto/x509/x509_asid.c | |||
| @@ -304,11 +304,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, | |||
| 304 | const ASIdOrRange *a = *a_, *b = *b_; | 304 | const ASIdOrRange *a = *a_, *b = *b_; |
| 305 | 305 | ||
| 306 | /* XXX: these asserts need to be replaced */ | 306 | /* XXX: these asserts need to be replaced */ |
| 307 | assert((a->type == ASIdOrRange_id && a->u.id != NULL) || | 307 | OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || |
| 308 | (a->type == ASIdOrRange_range && a->u.range != NULL && | 308 | (a->type == ASIdOrRange_range && a->u.range != NULL && |
| 309 | a->u.range->min != NULL && a->u.range->max != NULL)); | 309 | a->u.range->min != NULL && a->u.range->max != NULL)); |
| 310 | 310 | ||
| 311 | assert((b->type == ASIdOrRange_id && b->u.id != NULL) || | 311 | OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || |
| 312 | (b->type == ASIdOrRange_range && b->u.range != NULL && | 312 | (b->type == ASIdOrRange_range && b->u.range != NULL && |
| 313 | b->u.range->min != NULL && b->u.range->max != NULL)); | 313 | b->u.range->min != NULL && b->u.range->max != NULL)); |
| 314 | 314 | ||
| @@ -414,8 +414,8 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid, | |||
| 414 | static int extract_min_max(ASIdOrRange *aor, | 414 | static int extract_min_max(ASIdOrRange *aor, |
| 415 | ASN1_INTEGER **min, ASN1_INTEGER **max) | 415 | ASN1_INTEGER **min, ASN1_INTEGER **max) |
| 416 | { | 416 | { |
| 417 | if (!OPENSSL_assert(aor != NULL)) | 417 | OPENSSL_assert(aor != NULL); |
| 418 | return 0; | 418 | |
| 419 | switch (aor->type) { | 419 | switch (aor->type) { |
| 420 | case ASIdOrRange_id: | 420 | case ASIdOrRange_id: |
| 421 | *min = aor->u.id; | 421 | *min = aor->u.id; |
| @@ -577,8 +577,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | |||
| 577 | /* | 577 | /* |
| 578 | * Make sure we're properly sorted (paranoia). | 578 | * Make sure we're properly sorted (paranoia). |
| 579 | */ | 579 | */ |
| 580 | if (!OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0)) | 580 | OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); |
| 581 | goto done; | ||
| 582 | 581 | ||
| 583 | /* | 582 | /* |
| 584 | * Punt inverted ranges. | 583 | * Punt inverted ranges. |
| @@ -663,8 +662,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) | |||
| 663 | } | 662 | } |
| 664 | 663 | ||
| 665 | /* Paranoia */ | 664 | /* Paranoia */ |
| 666 | if (!OPENSSL_assert(ASIdentifierChoice_is_canonical(choice))) | 665 | OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); |
| 667 | goto done; | ||
| 668 | 666 | ||
| 669 | ret = 1; | 667 | ret = 1; |
| 670 | 668 | ||
| @@ -907,14 +905,9 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 907 | int i, ret = 1, inherit_as = 0, inherit_rdi = 0; | 905 | int i, ret = 1, inherit_as = 0, inherit_rdi = 0; |
| 908 | X509 *x; | 906 | X509 *x; |
| 909 | 907 | ||
| 910 | if (!OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0) | 908 | OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); |
| 911 | || !OPENSSL_assert(ctx != NULL || ext != NULL) | 909 | OPENSSL_assert(ctx != NULL || ext != NULL); |
| 912 | || !OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL)) { | 910 | OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); |
| 913 | if (ctx != NULL) | ||
| 914 | ctx->error = X509_V_ERR_UNSPECIFIED; | ||
| 915 | return 0; | ||
| 916 | } | ||
| 917 | |||
| 918 | 911 | ||
| 919 | /* | 912 | /* |
| 920 | * Figure out where to start. If we don't have an extension to | 913 | * Figure out where to start. If we don't have an extension to |
| @@ -959,11 +952,8 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 959 | */ | 952 | */ |
| 960 | for (i++; i < sk_X509_num(chain); i++) { | 953 | for (i++; i < sk_X509_num(chain); i++) { |
| 961 | x = sk_X509_value(chain, i); | 954 | x = sk_X509_value(chain, i); |
| 962 | if (!OPENSSL_assert(x != NULL)) { | 955 | OPENSSL_assert(x != NULL); |
| 963 | if (ctx != NULL) | 956 | |
| 964 | ctx->error = X509_V_ERR_UNSPECIFIED; | ||
| 965 | return 0; | ||
| 966 | } | ||
| 967 | if (x->rfc3779_asid == NULL) { | 957 | if (x->rfc3779_asid == NULL) { |
| 968 | if (child_as != NULL || child_rdi != NULL) | 958 | if (child_as != NULL || child_rdi != NULL) |
| 969 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); | 959 | validation_err(X509_V_ERR_UNNESTED_RESOURCE); |
| @@ -1009,11 +999,8 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, | |||
| 1009 | /* | 999 | /* |
| 1010 | * Trust anchor can't inherit. | 1000 | * Trust anchor can't inherit. |
| 1011 | */ | 1001 | */ |
| 1012 | if (!OPENSSL_assert(x != NULL)) { | 1002 | OPENSSL_assert(x != NULL); |
| 1013 | if (ctx != NULL) | 1003 | |
| 1014 | ctx->error = X509_V_ERR_UNSPECIFIED; | ||
| 1015 | return 0; | ||
| 1016 | } | ||
| 1017 | if (x->rfc3779_asid != NULL) { | 1004 | if (x->rfc3779_asid != NULL) { |
| 1018 | if (x->rfc3779_asid->asnum != NULL && | 1005 | if (x->rfc3779_asid->asnum != NULL && |
| 1019 | x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) | 1006 | x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) |