x509_vpm.c: add missing direct error reporting and improve coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18918)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2022-08-07 06:17:15 +0200
committer: Dr. David von Oheimb <dev@ddvo.net> 2022-09-16 10:07:15 +0200
commit: 38ebfc3f5f83cbbd01011636d159ad3ed23e9765 (patch)
tree: 54a7332c6d6c04ca3050350126fa3fbbe7963175 /crypto/x509/x509_vpm.c
parent: X509_STORE_CTX_set_default(): improve error handling, also in its use (diff)
download: openssl-38ebfc3f5f83cbbd01011636d159ad3ed23e9765.tar.xz
openssl-38ebfc3f5f83cbbd01011636d159ad3ed23e9765.zip
1 files changed, 42 insertions, 40 deletions
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 598830bdcb..101f2dfe94 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -44,7 +44,8 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
      */
     if (namelen == 0 || name == NULL)
         namelen = name ? strlen(name) : 0;
-    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
+    else if (name != NULL
+             && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL)
         return 0;
     if (namelen > 0 && name[namelen - 1] == '\0')
         --namelen;
@@ -78,7 +79,6 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
     return 1;
 }
 
-
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
 {
     X509_VERIFY_PARAM *param;
@@ -142,8 +142,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
 /* Macro to test if a field should be copied from src to dest */
 
 #define test_x509_verify_param_copy(field, def) \
-    (to_overwrite \
-         || ((src->field != def) && (to_default || (dest->field == def))))
+    (to_overwrite || (src->field != def && (to_default || dest->field == def)))
 
 /* Macro to test and copy a field if necessary */
 
@@ -156,25 +155,19 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 {
     unsigned long inh_flags;
     int to_default, to_overwrite;
-    if (!src)
+
+    if (src == NULL)
         return 1;
     inh_flags = dest->inh_flags | src->inh_flags;
 
-    if (inh_flags & X509_VP_FLAG_ONCE)
+    if ((inh_flags & X509_VP_FLAG_ONCE) != 0)
         dest->inh_flags = 0;
 
-    if (inh_flags & X509_VP_FLAG_LOCKED)
+    if ((inh_flags & X509_VP_FLAG_LOCKED) != 0)
         return 1;
 
-    if (inh_flags & X509_VP_FLAG_DEFAULT)
-        to_default = 1;
-    else
-        to_default = 0;
-
-    if (inh_flags & X509_VP_FLAG_OVERWRITE)
-        to_overwrite = 1;
-    else
-        to_overwrite = 0;
+    to_default = (inh_flags & X509_VP_FLAG_DEFAULT) != 0;
+    to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) != 0;
 
     x509_verify_param_copy(purpose, 0);
     x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
@@ -183,13 +176,13 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 
     /* If overwrite or check time not set, copy across */
 
-    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
+    if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0) {
         dest->check_time = src->check_time;
         dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
         /* Don't need to copy flag: that is done below */
     }
 
-    if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+    if ((inh_flags & X509_VP_FLAG_RESET_FLAGS) != 0)
         dest->flags = 0;
 
     dest->flags |= src->flags;
@@ -204,7 +197,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
     if (test_x509_verify_param_copy(hosts, NULL)) {
         sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
         dest->hosts = NULL;
-        if (src->hosts) {
+        if (src->hosts != NULL) {
             dest->hosts =
                 sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
             if (dest->hosts == NULL)
@@ -228,8 +221,14 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                            const X509_VERIFY_PARAM *from)
 {
-    unsigned long save_flags = to->inh_flags;
+    unsigned long save_flags;
     int ret;
+
+    if (to == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    save_flags = to->inh_flags;
     to->inh_flags |= X509_VP_FLAG_DEFAULT;
     ret = X509_VERIFY_PARAM_inherit(to, from);
     to->inh_flags = save_flags;
@@ -240,7 +239,8 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
                                const char *src, size_t srclen)
 {
     char *tmp;
-    if (src) {
+
+    if (src != NULL) {
         if (srclen == 0)
             srclen = strlen(src);
 
@@ -264,15 +264,13 @@ int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
 {
     OPENSSL_free(param->name);
     param->name = OPENSSL_strdup(name);
-    if (param->name)
-        return 1;
-    return 0;
+    return param->name != NULL;
 }
 
 int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
 {
     param->flags |= flags;
-    if (flags & X509_V_FLAG_POLICY_MASK)
+    if ((flags & X509_V_FLAG_POLICY_MASK) != 0)
         param->flags |= X509_V_FLAG_POLICY_CHECK;
     return 1;
 }
@@ -339,9 +337,7 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
         if (param->policies == NULL)
             return 0;
     }
-    if (!sk_ASN1_OBJECT_push(param->policies, policy))
-        return 0;
-    return 1;
+    return sk_ASN1_OBJECT_push(param->policies, policy);
 }
 
 int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
@@ -350,8 +346,10 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
     int i;
     ASN1_OBJECT *oid, *doid;
 
-    if (param == NULL)
+    if (param == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
+    }
     sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
 
     if (policies == NULL) {
@@ -366,7 +364,7 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
     for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
         oid = sk_ASN1_OBJECT_value(policies, i);
         doid = OBJ_dup(oid);
-        if (!doid)
+        if (doid == NULL)
             return 0;
         if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
             ASN1_OBJECT_free(doid);
@@ -424,7 +422,7 @@ void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
         OPENSSL_free(to->peername);
         to->peername = peername;
     }
-    if (from)
+    if (from != NULL)
         from->peername = NULL;
 }
 
@@ -443,8 +441,10 @@ int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
 static unsigned char
 *int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen)
 {
-    if (param == NULL || param->ip == NULL)
+    if (param == NULL || param->ip == NULL) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
         return NULL;
+    }
     if (plen != NULL)
         *plen = param->iplen;
     return param->ip;
@@ -455,14 +455,16 @@ char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
     size_t iplen;
     unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen);
 
-    return  ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen);
+    return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen);
 }
 
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                               const unsigned char *ip, size_t iplen)
 {
-    if (iplen != 0 && iplen != 4 && iplen != 16)
+    if (iplen != 0 && iplen != 4 && iplen != 16) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
         return 0;
+    }
     return int_x509_param_set1((char **)&param->ip, &param->iplen,
                                (char *)ip, iplen);
 }
@@ -470,9 +472,8 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
 {
     unsigned char ipout[16];
-    size_t iplen;
+    size_t iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc);
 
-    iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc);
     if (iplen == 0)
         return 0;
     return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
@@ -596,6 +597,7 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
 {
     int idx;
     X509_VERIFY_PARAM *ptmp;
+
     if (param_table == NULL) {
         param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
         if (param_table == NULL)
@@ -607,15 +609,14 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
             X509_VERIFY_PARAM_free(ptmp);
         }
     }
-    if (!sk_X509_VERIFY_PARAM_push(param_table, param))
-        return 0;
-    return 1;
+    return sk_X509_VERIFY_PARAM_push(param_table, param);
 }
 
 int X509_VERIFY_PARAM_get_count(void)
 {
     int num = OSSL_NELEM(default_table);
-    if (param_table)
+
+    if (param_table != NULL)
         num += sk_X509_VERIFY_PARAM_num(param_table);
     return num;
 }
@@ -623,6 +624,7 @@ int X509_VERIFY_PARAM_get_count(void)
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
     int num = OSSL_NELEM(default_table);
+
     if (id < num)
         return default_table + id;
     return sk_X509_VERIFY_PARAM_value(param_table, id - num);
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2022-08-07 06:17:15 +0200
committer	Dr. David von Oheimb <dev@ddvo.net>	2022-09-16 10:07:15 +0200
commit	38ebfc3f5f83cbbd01011636d159ad3ed23e9765 (patch)
tree	54a7332c6d6c04ca3050350126fa3fbbe7963175 /crypto/x509/x509_vpm.c
parent	X509_STORE_CTX_set_default(): improve error handling, also in its use (diff)
download	openssl-38ebfc3f5f83cbbd01011636d159ad3ed23e9765.tar.xz openssl-38ebfc3f5f83cbbd01011636d159ad3ed23e9765.zip