[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Tue Aug 7 06:57:32 UTC 2018


The branch master has been updated
       via  8839324450b569a6253e0dd237ee3e417ef17771 (commit)
       via  5b37fef04a2b765835361f0652aaa0c41ed1b842 (commit)
       via  28ad73181aeb3b0b027d53d3266159f4b2e15d5b (commit)
       via  f44d7e8b472dfc0602f8d06ef72e808a5e8d410c (commit)
      from  38eca7fed09a57c1b7a05d651af2c667b3e87719 (commit)


- Log -----------------------------------------------------------------
commit 8839324450b569a6253e0dd237ee3e417ef17771
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Aug 5 16:56:54 2018 +0200

    stack/stack.c: omit redundant NULL checks.
    
    Checks are left in OPENSSL_sk_shift, OPENSSL_sk_pop and OPENSSL_sk_num.
    This is because these are used as "opportunistic" readers, pulling
    whatever datai, if any, set by somebody else. All calls that add data
    don't check for stack being NULL, because caller should have checked
    if stack was actually created.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6860)

commit 5b37fef04a2b765835361f0652aaa0c41ed1b842
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Aug 5 16:50:41 2018 +0200

    Harmonize use of sk_TYPE_find's return value.
    
    In some cases it's about redundant check for return value, in some
    cases it's about replacing check for -1 with comparison to 0.
    Otherwise compiler might generate redundant check for <-1. [Even
    formatting and readability fixes.]
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6860)

commit 28ad73181aeb3b0b027d53d3266159f4b2e15d5b
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Aug 5 11:51:37 2018 +0200

    x509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ.
    
    Documentation says "at most B<len> bytes will be written", which
    formally doesn't prohibit zero. But if zero B<len> was passed, the
    call to memcpy was bound to crash.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6860)

commit f44d7e8b472dfc0602f8d06ef72e808a5e8d410c
Author: Andy Polyakov <appro at openssl.org>
Date:   Mon Aug 6 09:43:39 2018 +0200

    INSTALL,NOTES.ANDROID: minor updates.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6866)

-----------------------------------------------------------------------

Summary of changes:
 INSTALL                   | 10 ++++++----
 NOTES.ANDROID             |  4 ++--
 crypto/asn1/asn_mime.c    |  4 ----
 crypto/evp/evp_pbe.c      |  5 ++---
 crypto/objects/obj_xref.c |  5 ++---
 crypto/stack/stack.c      | 21 ++++++++-------------
 crypto/x509/by_dir.c      | 10 +++-------
 crypto/x509/x509_lu.c     | 11 ++++++-----
 crypto/x509/x509_trs.c    |  7 ++++---
 crypto/x509/x509_vpm.c    |  9 ++++-----
 crypto/x509/x509name.c    |  8 +++++---
 crypto/x509/x_crl.c       | 10 +++++++---
 crypto/x509v3/pcy_cache.c | 10 ++++------
 crypto/x509v3/pcy_node.c  |  3 ---
 crypto/x509v3/pcy_tree.c  |  2 +-
 crypto/x509v3/v3_lib.c    |  2 --
 crypto/x509v3/v3_purp.c   |  7 ++++---
 ssl/ssl_ciph.c            |  5 +----
 18 files changed, 59 insertions(+), 74 deletions(-)

diff --git a/INSTALL b/INSTALL
index 98c34d6..34023dc 100644
--- a/INSTALL
+++ b/INSTALL
@@ -145,8 +145,8 @@
                    put together one-size-fits-all instructions. You might
                    have to pass more flags or set up environment variables
                    to actually make it work. Android and iOS cases are
-                   discussed in corresponding Configurations/10-main.cf
-                   sections. But there are cases when this option alone is
+                   discussed in corresponding Configurations/15-*.conf
+                   files. But there are cases when this option alone is
                    sufficient. For example to build the mingw64 target on
                    Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
                    works. Naturally provided that mingw packages are
@@ -157,10 +157,12 @@
                    "--cross-compile-prefix=mipsel-linux-gnu-" suffices
                    in such case. Needless to mention that you have to
                    invoke ./Configure, not ./config, and pass your target
-                   name explicitly.
+                   name explicitly. Also, note that --openssldir refers
+                   to target's file system, not one you are building on.
 
   --debug
-                   Build OpenSSL with debugging symbols.
+                   Build OpenSSL with debugging symbols and zero optimization
+                   level.
 
   --libdir=DIR
                    The name of the directory under the top of the installation
diff --git a/NOTES.ANDROID b/NOTES.ANDROID
index 103ed87..d13f47d 100644
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@@ -46,8 +46,8 @@
  One can engage clang by adjusting PATH to cover NDK's clang. Just keep
  in mind that if you miss it, Configure will try to use gcc... Also,
  PATH would need even further adjustment to cover unprefixed, yet
- target-specific, ar and ranlib (or not, if you use binutils-multiarch
- on your Linux).
+ target-specific, ar and ranlib. It's possible that you don't need to
+ bother, if binutils-multiarch is installed on your Linux system.
 
  Running tests (on Linux)
  ------------------------
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index aa92a8e..dfd5be6 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -883,8 +883,6 @@ static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
     htmp.params = NULL;
 
     idx = sk_MIME_HEADER_find(hdrs, &htmp);
-    if (idx < 0)
-        return NULL;
     return sk_MIME_HEADER_value(hdrs, idx);
 }
 
@@ -896,8 +894,6 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
     param.param_name = (char *)name;
     param.param_value = NULL;
     idx = sk_MIME_PARAM_find(hdr->params, &param);
-    if (idx < 0)
-        return NULL;
     return sk_MIME_PARAM_value(hdr->params, idx);
 }
 
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 0cebd2d..f80fc06 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -217,10 +217,9 @@ int EVP_PBE_find(int type, int pbe_nid,
     pbelu.pbe_type = type;
     pbelu.pbe_nid = pbe_nid;
 
-    if (pbe_algs) {
+    if (pbe_algs != NULL) {
         i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
-        if (i != -1)
-            pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+        pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
     }
     if (pbetmp == NULL) {
         pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
index 42d204c..faf59eb 100644
--- a/crypto/objects/obj_xref.c
+++ b/crypto/objects/obj_xref.c
@@ -46,10 +46,9 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
     const nid_triple *rv = NULL;
     tmp.sign_id = signid;
 
-    if (sig_app) {
+    if (sig_app != NULL) {
         int idx = sk_nid_triple_find(sig_app, &tmp);
-        if (idx >= 0)
-            rv = sk_nid_triple_value(sig_app, idx);
+        rv = sk_nid_triple_value(sig_app, idx);
     }
 #ifndef OBJ_XREF_TEST2
     if (rv == NULL) {
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 975515d..bb3a0a7 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -226,9 +226,6 @@ OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n)
 
 int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n)
 {
-    if (st == NULL)
-        return 0;
-
     if (n < 0)
         return 1;
     return sk_reserve(st, n, 1);
@@ -236,7 +233,7 @@ int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n)
 
 int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
 {
-    if (st == NULL || st->num == max_nodes)
+    if (st->num == max_nodes)
         return 0;
 
     if (!sk_reserve(st, 1, 0))
@@ -278,7 +275,7 @@ void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
 
 void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
 {
-    if (st == NULL || loc < 0 || loc >= st->num)
+    if (loc < 0 || loc >= st->num)
         return NULL;
 
     return internal_delete(st, loc);
@@ -290,7 +287,7 @@ static int internal_find(OPENSSL_STACK *st, const void *data,
     const void *r;
     int i;
 
-    if (st == NULL || st->num == 0)
+    if (st->num == 0)
         return -1;
 
     if (st->comp == NULL) {
@@ -325,8 +322,6 @@ int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
 
 int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data)
 {
-    if (st == NULL)
-        return -1;
     return OPENSSL_sk_insert(st, data, st->num);
 }
 
@@ -351,7 +346,7 @@ void *OPENSSL_sk_pop(OPENSSL_STACK *st)
 
 void OPENSSL_sk_zero(OPENSSL_STACK *st)
 {
-    if (st == NULL || st->num == 0)
+    if (st->num == 0)
         return;
     memset(st->data, 0, sizeof(*st->data) * st->num);
     st->num = 0;
@@ -384,14 +379,14 @@ int OPENSSL_sk_num(const OPENSSL_STACK *st)
 
 void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
 {
-    if (st == NULL || i < 0 || i >= st->num)
+    if (i < 0 || i >= st->num)
         return NULL;
     return (void *)st->data[i];
 }
 
 void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
 {
-    if (st == NULL || i < 0 || i >= st->num)
+    if (i < 0 || i >= st->num)
         return NULL;
     st->data[i] = data;
     st->sorted = 0;
@@ -400,7 +395,7 @@ void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
 
 void OPENSSL_sk_sort(OPENSSL_STACK *st)
 {
-    if (st != NULL && !st->sorted && st->comp != NULL) {
+    if (!st->sorted && st->comp != NULL) {
         if (st->num > 1)
             qsort(st->data, st->num, sizeof(void *), st->comp);
         st->sorted = 1; /* empty or single-element stack is considered sorted */
@@ -409,5 +404,5 @@ void OPENSSL_sk_sort(OPENSSL_STACK *st)
 
 int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
 {
-    return st == NULL ? 1 : st->sorted;
+    return st->sorted;
 }
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 9d5a571..11ac52c 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -329,10 +329,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
          */
         CRYPTO_THREAD_write_lock(ctx->lock);
         j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
-        if (j != -1)
-            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
-        else
-            tmp = NULL;
+        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
         CRYPTO_THREAD_unlock(ctx->lock);
 
         /* If a CRL, update the last file suffix added for this */
@@ -343,11 +340,10 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
              * Look for entry again in case another thread added an entry
              * first.
              */
-            if (!hent) {
+            if (hent == NULL) {
                 htmp.hash = h;
                 idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
-                if (idx >= 0)
-                    hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
             }
             if (hent == NULL) {
                 hent = OPENSSL_malloc(sizeof(*hent));
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index e7b1b85..be39015 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -619,17 +619,18 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
                                         X509_OBJECT *x)
 {
-    int idx, i;
+    int idx, i, num;
     X509_OBJECT *obj;
+
     idx = sk_X509_OBJECT_find(h, x);
-    if (idx == -1)
+    if (idx < 0)
         return NULL;
     if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
         return sk_X509_OBJECT_value(h, idx);
-    for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+    for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
         obj = sk_X509_OBJECT_value(h, i);
-        if (x509_object_cmp
-            ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+        if (x509_object_cmp((const X509_OBJECT **)&obj,
+                            (const X509_OBJECT **)&x))
             return NULL;
         if (x->type == X509_LU_X509) {
             if (!X509_cmp(obj->data.x509, x->data.x509))
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index a9bb88d..d2b0a8a 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -98,13 +98,14 @@ int X509_TRUST_get_by_id(int id)
 {
     X509_TRUST tmp;
     int idx;
+
     if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
         return id - X509_TRUST_MIN;
-    tmp.trust = id;
-    if (!trtable)
+    if (trtable == NULL)
         return -1;
+    tmp.trust = id;
     idx = sk_X509_TRUST_find(trtable, &tmp);
-    if (idx == -1)
+    if (idx < 0)
         return -1;
     return idx + X509_TRUST_COUNT;
 }
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 16d27f9..aea1862 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -555,10 +555,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
             return 0;
     } else {
         idx = sk_X509_VERIFY_PARAM_find(param_table, param);
-        if (idx != -1) {
-            ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+        if (idx >= 0) {
+            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
             X509_VERIFY_PARAM_free(ptmp);
-            (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
         }
     }
     if (!sk_X509_VERIFY_PARAM_push(param_table, param))
@@ -588,9 +587,9 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
     X509_VERIFY_PARAM pm;
 
     pm.name = (char *)name;
-    if (param_table) {
+    if (param_table != NULL) {
         idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
-        if (idx != -1)
+        if (idx >= 0)
             return sk_X509_VERIFY_PARAM_value(param_table, idx);
     }
     return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 4666824..64a73e7 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -26,8 +26,8 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
     return X509_NAME_get_text_by_OBJ(name, obj, buf, len);
 }
 
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf,
-                              int len)
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len)
 {
     int i;
     const ASN1_STRING *data;
@@ -36,9 +36,11 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf
     if (i < 0)
         return -1;
     data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
-    i = (data->length > (len - 1)) ? (len - 1) : data->length;
     if (buf == NULL)
         return data->length;
+    if (len <= 0)
+        return 0;
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
     memcpy(buf, data->data, i);
     buf[i] = '\0';
     return i;
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index c0099e0..10733b5 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -383,8 +383,11 @@ static int def_crl_lookup(X509_CRL *crl,
                           X509_NAME *issuer)
 {
     X509_REVOKED rtmp, *rev;
-    int idx;
-    rtmp.serialNumber = *serial;
+    int idx, num;
+
+    if (crl->crl.revoked == NULL)
+        return 0;
+
     /*
      * Sort revoked into serial number order if not already sorted. Do this
      * under a lock to avoid race condition.
@@ -394,11 +397,12 @@ static int def_crl_lookup(X509_CRL *crl,
         sk_X509_REVOKED_sort(crl->crl.revoked);
         CRYPTO_THREAD_unlock(crl->lock);
     }
+    rtmp.serialNumber = *serial;
     idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
     if (idx < 0)
         return 0;
     /* Need to look for matching name */
-    for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {
+    for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
         rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
         if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
             return 0;
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index 7873a42..623870b 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -26,19 +26,19 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
 static int policy_cache_create(X509 *x,
                                CERTIFICATEPOLICIES *policies, int crit)
 {
-    int i, ret = 0;
+    int i, num, ret = 0;
     X509_POLICY_CACHE *cache = x->policy_cache;
     X509_POLICY_DATA *data = NULL;
     POLICYINFO *policy;
 
-    if (sk_POLICYINFO_num(policies) == 0)
+    if ((num = sk_POLICYINFO_num(policies)) <= 0)
         goto bad_policy;
     cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
     if (cache->data == NULL) {
         X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
         goto just_cleanup;
     }
-    for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+    for (i = 0; i < num; i++) {
         policy = sk_POLICYINFO_value(policies, i);
         data = policy_data_new(policy, NULL, crit);
         if (data == NULL) {
@@ -54,7 +54,7 @@ static int policy_cache_create(X509 *x,
                 goto bad_policy;
             }
             cache->anyPolicy = data;
-        } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) {
             ret = -1;
             goto bad_policy;
         } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
@@ -204,8 +204,6 @@ X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
     X509_POLICY_DATA tmp;
     tmp.valid_policy = (ASN1_OBJECT *)id;
     idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-    if (idx == -1)
-        return NULL;
     return sk_X509_POLICY_DATA_value(cache->data, idx);
 }
 
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
index db4d71f..1ffe984 100644
--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
@@ -36,9 +36,6 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
     l.data = &n;
 
     idx = sk_X509_POLICY_NODE_find(nodes, &l);
-    if (idx == -1)
-        return NULL;
-
     return sk_X509_POLICY_NODE_value(nodes, idx);
 
 }
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 9a1e208..87f51d0 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -442,7 +442,7 @@ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
     if (*pnodes == NULL &&
         (*pnodes = policy_node_cmp_new()) == NULL)
         return 0;
-    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
         return 1;
     return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
 }
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index f51aa96..e11e51b 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -64,8 +64,6 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
     if (!ext_list)
         return NULL;
     idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-    if (idx == -1)
-        return NULL;
     return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 1ba1ce8..b421512 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -133,13 +133,14 @@ int X509_PURPOSE_get_by_id(int purpose)
 {
     X509_PURPOSE tmp;
     int idx;
+
     if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
         return purpose - X509_PURPOSE_MIN;
-    tmp.purpose = purpose;
-    if (!xptable)
+    if (xptable == NULL)
         return -1;
+    tmp.purpose = purpose;
     idx = sk_X509_PURPOSE_find(xptable, &tmp);
-    if (idx == -1)
+    if (idx < 0)
         return -1;
     return idx + X509_PURPOSE_COUNT;
 }
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 9011e42..b60cc79 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -505,10 +505,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
         ctmp.id = s->compress_meth;
         if (ssl_comp_methods != NULL) {
             i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
-            if (i >= 0)
-                *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
-            else
-                *comp = NULL;
+            *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
         }
         /* If were only interested in comp then return success */
         if ((enc == NULL) && (md == NULL))


More information about the openssl-commits mailing list