summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndy Polyakov <appro@openssl.org>2018-08-05 16:50:41 +0200
committerAndy Polyakov <appro@openssl.org>2018-08-07 08:56:54 +0200
commit5b37fef04a2b765835361f0652aaa0c41ed1b842 (patch)
tree47677e73f897a8b5921437c53c93070e61dec321
parentx509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ. (diff)
downloadopenssl-5b37fef04a2b765835361f0652aaa0c41ed1b842.tar.xz
openssl-5b37fef04a2b765835361f0652aaa0c41ed1b842.zip
Harmonize use of sk_TYPE_find's return value.
In some cases it's about redundant check for return value, in some cases it's about replacing check for -1 with comparison to 0. Otherwise compiler might generate redundant check for <-1. [Even formatting and readability fixes.] Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6860)
-rw-r--r--crypto/asn1/asn_mime.c4
-rw-r--r--crypto/evp/evp_pbe.c5
-rw-r--r--crypto/objects/obj_xref.c5
-rw-r--r--crypto/x509/by_dir.c10
-rw-r--r--crypto/x509/x509_lu.c11
-rw-r--r--crypto/x509/x509_trs.c7
-rw-r--r--crypto/x509/x509_vpm.c9
-rw-r--r--crypto/x509/x_crl.c10
-rw-r--r--crypto/x509v3/pcy_cache.c10
-rw-r--r--crypto/x509v3/pcy_node.c3
-rw-r--r--crypto/x509v3/pcy_tree.c2
-rw-r--r--crypto/x509v3/v3_lib.c2
-rw-r--r--crypto/x509v3/v3_purp.c7
-rw-r--r--ssl/ssl_ciph.c5
14 files changed, 38 insertions, 52 deletions
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index aa92a8e115..dfd5be6347 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -883,8 +883,6 @@ static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
htmp.params = NULL;
idx = sk_MIME_HEADER_find(hdrs, &htmp);
- if (idx < 0)
- return NULL;
return sk_MIME_HEADER_value(hdrs, idx);
}
@@ -896,8 +894,6 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
param.param_name = (char *)name;
param.param_value = NULL;
idx = sk_MIME_PARAM_find(hdr->params, &param);
- if (idx < 0)
- return NULL;
return sk_MIME_PARAM_value(hdr->params, idx);
}
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 0cebd2df1d..f80fc064bd 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -217,10 +217,9 @@ int EVP_PBE_find(int type, int pbe_nid,
pbelu.pbe_type = type;
pbelu.pbe_nid = pbe_nid;
- if (pbe_algs) {
+ if (pbe_algs != NULL) {
i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
- if (i != -1)
- pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+ pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
}
if (pbetmp == NULL) {
pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
index 42d204ca4c..faf59eb20c 100644
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -46,10 +46,9 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
const nid_triple *rv = NULL;
tmp.sign_id = signid;
- if (sig_app) {
+ if (sig_app != NULL) {
int idx = sk_nid_triple_find(sig_app, &tmp);
- if (idx >= 0)
- rv = sk_nid_triple_value(sig_app, idx);
+ rv = sk_nid_triple_value(sig_app, idx);
}
#ifndef OBJ_XREF_TEST2
if (rv == NULL) {
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 9d5a571c59..11ac52ce3c 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -329,10 +329,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
*/
CRYPTO_THREAD_write_lock(ctx->lock);
j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
- if (j != -1)
- tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
- else
- tmp = NULL;
+ tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
CRYPTO_THREAD_unlock(ctx->lock);
/* If a CRL, update the last file suffix added for this */
@@ -343,11 +340,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
* Look for entry again in case another thread added an entry
* first.
*/
- if (!hent) {
+ if (hent == NULL) {
htmp.hash = h;
idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
- if (idx >= 0)
- hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+ hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
}
if (hent == NULL) {
hent = OPENSSL_malloc(sizeof(*hent));
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index e7b1b8521c..be39015b0d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -619,17 +619,18 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
X509_OBJECT *x)
{
- int idx, i;
+ int idx, i, num;
X509_OBJECT *obj;
+
idx = sk_X509_OBJECT_find(h, x);
- if (idx == -1)
+ if (idx < 0)
return NULL;
if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
return sk_X509_OBJECT_value(h, idx);
- for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+ for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
obj = sk_X509_OBJECT_value(h, i);
- if (x509_object_cmp
- ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ if (x509_object_cmp((const X509_OBJECT **)&obj,
+ (const X509_OBJECT **)&x))
return NULL;
if (x->type == X509_LU_X509) {
if (!X509_cmp(obj->data.x509, x->data.x509))
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index a9bb88d1e1..d2b0a8af63 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -98,13 +98,14 @@ int X509_TRUST_get_by_id(int id)
{
X509_TRUST tmp;
int idx;
+
if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
return id - X509_TRUST_MIN;
- tmp.trust = id;
- if (!trtable)
+ if (trtable == NULL)
return -1;
+ tmp.trust = id;
idx = sk_X509_TRUST_find(trtable, &tmp);
- if (idx == -1)
+ if (idx < 0)
return -1;
return idx + X509_TRUST_COUNT;
}
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 16d27f91b5..aea186295c 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -555,10 +555,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
return 0;
} else {
idx = sk_X509_VERIFY_PARAM_find(param_table, param);
- if (idx != -1) {
- ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+ if (idx >= 0) {
+ ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
X509_VERIFY_PARAM_free(ptmp);
- (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
}
}
if (!sk_X509_VERIFY_PARAM_push(param_table, param))
@@ -588,9 +587,9 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
X509_VERIFY_PARAM pm;
pm.name = (char *)name;
- if (param_table) {
+ if (param_table != NULL) {
idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
- if (idx != -1)
+ if (idx >= 0)
return sk_X509_VERIFY_PARAM_value(param_table, idx);
}
return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index c0099e0fec..10733b58bc 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -383,8 +383,11 @@ static int def_crl_lookup(X509_CRL *crl,
X509_NAME *issuer)
{
X509_REVOKED rtmp, *rev;
- int idx;
- rtmp.serialNumber = *serial;
+ int idx, num;
+
+ if (crl->crl.revoked == NULL)
+ return 0;
+
/*
* Sort revoked into serial number order if not already sorted. Do this
* under a lock to avoid race condition.
@@ -394,11 +397,12 @@ static int def_crl_lookup(X509_CRL *crl,
sk_X509_REVOKED_sort(crl->crl.revoked);
CRYPTO_THREAD_unlock(crl->lock);
}
+ rtmp.serialNumber = *serial;
idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
if (idx < 0)
return 0;
/* Need to look for matching name */
- for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
+ for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
return 0;
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index 7873a4246c..623870b1f6 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -26,19 +26,19 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
static int policy_cache_create(X509 *x,
CERTIFICATEPOLICIES *policies, int crit)
{
- int i, ret = 0;
+ int i, num, ret = 0;
X509_POLICY_CACHE *cache = x->policy_cache;
X509_POLICY_DATA *data = NULL;
POLICYINFO *policy;
- if (sk_POLICYINFO_num(policies) == 0)
+ if ((num = sk_POLICYINFO_num(policies)) <= 0)
goto bad_policy;
cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
if (cache->data == NULL) {
X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
goto just_cleanup;
}
- for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+ for (i = 0; i < num; i++) {
policy = sk_POLICYINFO_value(policies, i);
data = policy_data_new(policy, NULL, crit);
if (data == NULL) {
@@ -54,7 +54,7 @@ static int policy_cache_create(X509 *x,
goto bad_policy;
}
cache->anyPolicy = data;
- } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+ } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) {
ret = -1;
goto bad_policy;
} else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
@@ -204,8 +204,6 @@ X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
X509_POLICY_DATA tmp;
tmp.valid_policy = (ASN1_OBJECT *)id;
idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
- if (idx == -1)
- return NULL;
return sk_X509_POLICY_DATA_value(cache->data, idx);
}
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
index db4d71f819..1ffe98498b 100644
--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
@@ -36,9 +36,6 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
l.data = &n;
idx = sk_X509_POLICY_NODE_find(nodes, &l);
- if (idx == -1)
- return NULL;
-
return sk_X509_POLICY_NODE_value(nodes, idx);
}
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 9a1e208885..87f51d001b 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -442,7 +442,7 @@ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
if (*pnodes == NULL &&
(*pnodes = policy_node_cmp_new()) == NULL)
return 0;
- if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+ if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
return 1;
return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
}
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index f51aa9624c..e11e51b6e0 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -64,8 +64,6 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
if (!ext_list)
return NULL;
idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
- if (idx == -1)
- return NULL;
return sk_X509V3_EXT_METHOD_value(ext_list, idx);
}
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 1ba1ce8373..b42151295f 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -133,13 +133,14 @@ int X509_PURPOSE_get_by_id(int purpose)
{
X509_PURPOSE tmp;
int idx;
+
if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
return purpose - X509_PURPOSE_MIN;
- tmp.purpose = purpose;
- if (!xptable)
+ if (xptable == NULL)
return -1;
+ tmp.purpose = purpose;
idx = sk_X509_PURPOSE_find(xptable, &tmp);
- if (idx == -1)
+ if (idx < 0)
return -1;
return idx + X509_PURPOSE_COUNT;
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 9011e42fa8..b60cc79a2f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -505,10 +505,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
ctmp.id = s->compress_meth;
if (ssl_comp_methods != NULL) {
i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
- if (i >= 0)
- *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
- else
- *comp = NULL;
+ *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
}
/* If were only interested in comp then return success */
if ((enc == NULL) && (md == NULL))