diff options
| author | Daiki Ueno <ueno@gnu.org> | 2021-09-09 09:46:04 +0200 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2021-09-09 09:54:59 +0200 |
| commit | 3abd9cac341340b3dddc9c2ab3af42140d402d2e (patch) | |
| tree | aaa2327d5649e8b14226afaaf3b5bd7aced25d32 | |
| parent | dd61f8475b25ca3efa9a390aba96fc024f41d63d (diff) | |
| download | gnutls-3abd9cac341340b3dddc9c2ab3af42140d402d2e.tar.gz | |
build: remove tautological if conditions
Spotted by LGTM.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
| -rw-r--r-- | lib/hello_ext.c | 3 | ||||
| -rw-r--r-- | lib/x509/name_constraints.c | 3 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 8 | ||||
| -rw-r--r-- | lib/x509/verify.c | 2 | ||||
| -rw-r--r-- | lib/x509/x509_ext.c | 8 | ||||
| -rw-r--r-- | libdane/dane.c | 117 | ||||
| -rw-r--r-- | src/systemkey.c | 2 |
7 files changed, 71 insertions, 72 deletions
diff --git a/lib/hello_ext.c b/lib/hello_ext.c index 32385f4c0e..bb63623efb 100644 --- a/lib/hello_ext.c +++ b/lib/hello_ext.c @@ -790,7 +790,8 @@ gnutls_ext_register(const char *name, int id, gnutls_ext_parse_type_t parse_poin gid = extfunc[i]->gid + 1; } - if (gid > GNUTLS_EXTENSION_MAX_VALUE || gid >= sizeof(extfunc)/sizeof(extfunc[0])) + assert(gid < sizeof(extfunc)/sizeof(extfunc[0])); + if (gid > GNUTLS_EXTENSION_MAX_VALUE) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); tmp_mod = gnutls_calloc(1, sizeof(*tmp_mod)); diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index 9b71853c6d..6c1546ea81 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -165,7 +165,8 @@ int _gnutls_extract_name_constraints(asn1_node c2, const char *vstr, tmp.data = NULL; } - if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + assert(ret < 0); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { gnutls_assert(); goto cleanup; } diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 570e5e425c..3aa088ecff 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -736,11 +736,9 @@ gnutls_x509_privkey_import2(gnutls_x509_privkey_t key, if (ret >= 0) return ret; - if (ret < 0) { - gnutls_assert(); - saved_ret = ret; - /* fall through to PKCS #8 decoding */ - } + gnutls_assert(); + saved_ret = ret; + /* fall through to PKCS #8 decoding */ } if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) diff --git a/lib/x509/verify.c b/lib/x509/verify.c index ac1b268f11..c7e35f7cae 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -1715,7 +1715,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, if (verify) *verify |= GNUTLS_CERT_INVALID; goto cleanup; - } else if (result >= 0) { + } else { result = 0; /* everything ok */ } } diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index c43bb172c3..41b38bd85b 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c @@ -947,8 +947,9 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext, break; } + assert(ret < 0); aki->cert_issuer.size = i; - if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && ret != GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { gnutls_assert(); gnutls_free(san.data); @@ -2864,8 +2865,9 @@ static int parse_aia(asn1_node c2, gnutls_x509_aia_t aia) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } } - - if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + + assert(ret < 0); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { return ret; } diff --git a/libdane/dane.c b/libdane/dane.c index a7236f9f7b..c9cbe8408a 100644 --- a/libdane/dane.c +++ b/libdane/dane.c @@ -934,6 +934,8 @@ dane_verify_session_crt(dane_state_t s, const gnutls_datum_t *cert_list; unsigned int cert_list_size = 0; unsigned int type; + gnutls_x509_crt_t crt, ca; + gnutls_certificate_credentials_t sc; int ret; cert_list = gnutls_certificate_get_peers(session, &cert_list_size); @@ -944,77 +946,72 @@ dane_verify_session_crt(dane_state_t s, type = gnutls_certificate_type_get(session); /* this list may be incomplete, try to get the self-signed CA if any */ - if (cert_list_size > 0) { - gnutls_x509_crt_t crt, ca; - gnutls_certificate_credentials_t sc; - - ret = gnutls_x509_crt_init(&crt); - if (ret < 0) { - gnutls_assert(); - goto failsafe; - } - - ret = gnutls_x509_crt_import(crt, &cert_list[cert_list_size-1], GNUTLS_X509_FMT_DER); - if (ret < 0) { - gnutls_assert(); - gnutls_x509_crt_deinit(crt); - goto failsafe; - } + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + gnutls_assert(); + goto failsafe; + } - /* if it is already self signed continue normally */ - ret = gnutls_x509_crt_check_issuer(crt, crt); - if (ret != 0) { - gnutls_assert(); - gnutls_x509_crt_deinit(crt); - goto failsafe; - } + ret = gnutls_x509_crt_import(crt, &cert_list[cert_list_size-1], GNUTLS_X509_FMT_DER); + if (ret < 0) { + gnutls_assert(); + gnutls_x509_crt_deinit(crt); + goto failsafe; + } - /* chain does not finish in a self signed cert, try to obtain the issuer */ - ret = gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void**)&sc); - if (ret < 0) { - gnutls_assert(); - gnutls_x509_crt_deinit(crt); - goto failsafe; - } + /* if it is already self signed continue normally */ + ret = gnutls_x509_crt_check_issuer(crt, crt); + if (ret != 0) { + gnutls_assert(); + gnutls_x509_crt_deinit(crt); + goto failsafe; + } - ret = gnutls_certificate_get_issuer(sc, crt, &ca, 0); - if (ret < 0) { - gnutls_assert(); - gnutls_x509_crt_deinit(crt); - goto failsafe; - } + /* chain does not finish in a self signed cert, try to obtain the issuer */ + ret = gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void**)&sc); + if (ret < 0) { + gnutls_assert(); + gnutls_x509_crt_deinit(crt); + goto failsafe; + } - /* make the new list */ - gnutls_datum_t *new_cert_list; + ret = gnutls_certificate_get_issuer(sc, crt, &ca, 0); + if (ret < 0) { + gnutls_assert(); + gnutls_x509_crt_deinit(crt); + goto failsafe; + } - new_cert_list = gnutls_malloc((cert_list_size + 1) * sizeof(gnutls_datum_t)); - if (new_cert_list == NULL) { - gnutls_assert(); - gnutls_x509_crt_deinit(crt); - goto failsafe; - } + /* make the new list */ + gnutls_datum_t *new_cert_list; - memcpy(new_cert_list, cert_list, cert_list_size*sizeof(gnutls_datum_t)); + new_cert_list = gnutls_malloc((cert_list_size + 1) * sizeof(gnutls_datum_t)); + if (new_cert_list == NULL) { + gnutls_assert(); + gnutls_x509_crt_deinit(crt); + goto failsafe; + } - ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_DER, &new_cert_list[cert_list_size]); - if (ret < 0) { - gnutls_assert(); - free(new_cert_list); - gnutls_x509_crt_deinit(crt); - goto failsafe; - } + memcpy(new_cert_list, cert_list, cert_list_size*sizeof(gnutls_datum_t)); - ret = dane_verify_crt(s, new_cert_list, cert_list_size+1, type, - hostname, proto, port, sflags, vflags, - verify); - if (ret < 0) { - gnutls_assert(); - } - gnutls_free(new_cert_list[cert_list_size].data); + ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_DER, &new_cert_list[cert_list_size]); + if (ret < 0) { + gnutls_assert(); free(new_cert_list); - return ret; + gnutls_x509_crt_deinit(crt); + goto failsafe; } + ret = dane_verify_crt(s, new_cert_list, cert_list_size+1, type, + hostname, proto, port, sflags, vflags, + verify); + if (ret < 0) { + gnutls_assert(); + } + gnutls_free(new_cert_list[cert_list_size].data); + free(new_cert_list); + return ret; + failsafe: return dane_verify_crt(s, cert_list, cert_list_size, type, hostname, proto, port, sflags, vflags, diff --git a/src/systemkey.c b/src/systemkey.c index 248fcbd942..d1186c59a0 100644 --- a/src/systemkey.c +++ b/src/systemkey.c @@ -151,7 +151,7 @@ static void systemkey_list(FILE * out) } } while(ret >= 0); - if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) { fprintf(stderr, "Native key store is not supported, or not present on this system\n"); } else { |