From 8e54c06a588c5a2e52b3202d7a016f329b9e4ca8 Mon Sep 17 00:00:00 2001
From: job <job@openbsd.org>
Date: Thu, 2 Sep 2021 21:12:28 +0000
Subject: [PATCH] Fix OPENSSL_assert() and assert()

OK tb@
---
 lib/libcrypto/x509/x509_addr.c | 13 ++++--------
 lib/libcrypto/x509/x509_asid.c | 39 ++++++++++++----------------------
 2 files changed, 17 insertions(+), 35 deletions(-)

diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c
index 7a35b21332b..0781ce37a97 100644
--- a/lib/libcrypto/x509/x509_addr.c
+++ b/lib/libcrypto/x509/x509_addr.c
@@ -1063,8 +1063,7 @@ int X509v3_addr_canonize(IPAddrBlocks *addr)
     }
     (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
     sk_IPAddressFamily_sort(addr);
-    if (!OPENSSL_assert(X509v3_addr_is_canonical(addr)))
-        return 0;
+    OPENSSL_assert(X509v3_addr_is_canonical(addr));
     return 1;
 }
 
@@ -1362,13 +1361,9 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
     int i, j, ret = 1;
     X509 *x;
 
-    if (!OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0)
-            || !OPENSSL_assert(ctx != NULL || ext != NULL)
-            || !OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL)) {
-        if (ctx != NULL)
-            ctx->error = X509_V_ERR_UNSPECIFIED;
-        return 0;
-    }
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
 
     /*
      * Figure out where to start.  If we don't have an extension to
diff --git a/lib/libcrypto/x509/x509_asid.c b/lib/libcrypto/x509/x509_asid.c
index 9a0992b8a64..e774b097dca 100644
--- a/lib/libcrypto/x509/x509_asid.c
+++ b/lib/libcrypto/x509/x509_asid.c
@@ -304,11 +304,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
     const ASIdOrRange *a = *a_, *b = *b_;
 
     /* XXX: these asserts need to be replaced */
-    assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+    OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
            (a->type == ASIdOrRange_range && a->u.range != NULL &&
             a->u.range->min != NULL && a->u.range->max != NULL));
 
-    assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+    OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
            (b->type == ASIdOrRange_range && b->u.range != NULL &&
             b->u.range->min != NULL && b->u.range->max != NULL));
 
@@ -414,8 +414,8 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
 static int extract_min_max(ASIdOrRange *aor,
                            ASN1_INTEGER **min, ASN1_INTEGER **max)
 {
-    if (!OPENSSL_assert(aor != NULL))
-        return 0;
+    OPENSSL_assert(aor != NULL);
+
     switch (aor->type) {
     case ASIdOrRange_id:
         *min = aor->u.id;
@@ -577,8 +577,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
         /*
          * Make sure we're properly sorted (paranoia).
          */
-        if (!OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0))
-            goto done;
+        OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
 
         /*
          * Punt inverted ranges.
@@ -663,8 +662,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     }
 
     /* Paranoia */
-    if (!OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)))
-        goto done;
+    OPENSSL_assert(ASIdentifierChoice_is_canonical(choice));
 
     ret = 1;
 
@@ -907,14 +905,9 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
     X509 *x;
 
-    if (!OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0)
-            || !OPENSSL_assert(ctx != NULL || ext != NULL)
-            || !OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL)) {
-        if (ctx != NULL)
-            ctx->error = X509_V_ERR_UNSPECIFIED;
-        return 0;
-    }
-
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
 
     /*
      * Figure out where to start.  If we don't have an extension to
@@ -959,11 +952,8 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
      */
     for (i++; i < sk_X509_num(chain); i++) {
         x = sk_X509_value(chain, i);
-        if (!OPENSSL_assert(x != NULL)) {
-            if (ctx != NULL)
-                ctx->error = X509_V_ERR_UNSPECIFIED;
-            return 0;
-        }
+        OPENSSL_assert(x != NULL);
+
         if (x->rfc3779_asid == NULL) {
             if (child_as != NULL || child_rdi != NULL)
                 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -1009,11 +999,8 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx,
     /*
      * Trust anchor can't inherit.
      */
-    if (!OPENSSL_assert(x != NULL)) {
-        if (ctx != NULL)
-            ctx->error = X509_V_ERR_UNSPECIFIED;
-        return 0;
-    }
+    OPENSSL_assert(x != NULL);
+
     if (x->rfc3779_asid != NULL) {
         if (x->rfc3779_asid->asnum != NULL &&
             x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
-- 
2.20.1