Add a few accessors for IPAddressFamily and make first use of them

One reason why this file is hard to read are endless repetitions of checks and assignments reaching deep inside structs. This can be made much more readable by adding a bunch of accessors. As a first step, we deal with IPAddressFamily, where we want to check the type of the ipAddressChoice member, check whether the inheritance element is present or access the addressOrRanges field. This diff already makes minimal use of these accessors to appease -Werror. More use and additional accessors will follow in later passes. ok inoguchi jsing
author: tb <> 2021-12-28 16:37:37 +0000
committer: tb <> 2021-12-28 16:37:37 +0000
commit: 9555e42d8ea896fd922a012b68616d33478f64e1 (patch)
tree: a3a40256db534977a2386ad59ab473a6a8d2497b /src/lib
parent: c5e2fed5aebe8491f8f9f05ec8e17fa61fbfca9f (diff)
download: openbsd-9555e42d8ea896fd922a012b68616d33478f64e1.tar.gz
openbsd-9555e42d8ea896fd922a012b68616d33478f64e1.tar.bz2
openbsd-9555e42d8ea896fd922a012b68616d33478f64e1.zip
1 files changed, 94 insertions, 25 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 038319087b..723890e436 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.34 2021/12/28 16:26:53 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.35 2021/12/28 16:37:37 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -78,6 +78,8 @@
 #ifndef OPENSSL_NO_RFC3779
+static int length_from_afi(const unsigned afi);
 /*
 * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
 */
@@ -309,6 +311,75 @@ IPAddressFamily_free(IPAddressFamily *a)
 }
 /*
+ * Convenience accessors for IPAddressFamily.
+ */
+static int
+IPAddressFamily_type(IPAddressFamily *f)
+{
+        /* XXX - can f->ipAddressChoice == NULL actually happen? */
+        if (f == NULL || f->ipAddressChoice == NULL)
+                return -1;
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+        case IPAddressChoice_addressesOrRanges:
+                return f->ipAddressChoice->type;
+        default:
+                return -1;
+        }
+}
+static IPAddressOrRanges *
+IPAddressFamily_addressesOrRanges(IPAddressFamily *f)
+{
+        if (IPAddressFamily_type(f) == IPAddressChoice_addressesOrRanges)
+                return f->ipAddressChoice->u.addressesOrRanges;
+        return NULL;
+}
+static ASN1_NULL *
+IPAddressFamily_inheritance(IPAddressFamily *f)
+{
+        if (IPAddressFamily_type(f) == IPAddressChoice_inherit)
+                return f->ipAddressChoice->u.inherit;
+        return NULL;
+}
+static int
+IPAddressFamily_set_inheritance(IPAddressFamily *f)
+{
+        if (IPAddressFamily_addressesOrRanges(f) != NULL)
+                return 0;
+        if (IPAddressFamily_inheritance(f) != NULL)
+                return 1;
+        if ((f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+                return 0;
+        f->ipAddressChoice->type = IPAddressChoice_inherit;
+        return 1;
+}
+static int
+IPAddressFamily_afi_length(const IPAddressFamily *f, int *out_length)
+{
+        unsigned int afi;
+        *out_length = 0;
+        if ((afi = X509v3_addr_get_afi(f)) == 0)
+                return 0;
+        *out_length = length_from_afi(afi);
+        return 1;
+}
+/*
 * How much buffer space do we need for a raw address?
 */
 #define ADDR_RAW_BUF_LEN        16
@@ -532,14 +603,14 @@ i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, void *ext, BIO *out,
                                break;
                        }
                }
-                switch (f->ipAddressChoice->type) {
+                switch (IPAddressFamily_type(f)) {
                case IPAddressChoice_inherit:
                        BIO_puts(out, ": inherit\n");
                        break;
                case IPAddressChoice_addressesOrRanges:
                        BIO_puts(out, ":\n");
                        if (!i2r_IPAddressOrRanges(out, indent + 2,
-                            f->ipAddressChoice->u.addressesOrRanges, afi))
+                            IPAddressFamily_addressesOrRanges(f), afi))
                                return 0;
                        break;
                }
@@ -832,20 +903,12 @@ int
 X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,
    const unsigned *safi)
 {
-        IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+        IPAddressFamily *f;
-        if (f == NULL ||
-            f->ipAddressChoice == NULL ||
+        if ((f = make_IPAddressFamily(addr, afi, safi)) == NULL)
-            (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-             f->ipAddressChoice->u.addressesOrRanges != NULL))
-                return 0;
-        if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-            f->ipAddressChoice->u.inherit != NULL)
-                return 1;
-        if (f->ipAddressChoice->u.inherit == NULL &&
-            (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
                return 0;
-        f->ipAddressChoice->type = IPAddressChoice_inherit;
-        return 1;
+        return IPAddressFamily_set_inheritance(f);
 }
 /*
@@ -855,20 +918,21 @@ static IPAddressOrRanges *
 make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi,
    const unsigned *safi)
 {
-        IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+        IPAddressFamily *f;
        IPAddressOrRanges *aors = NULL;
-        if (f == NULL ||
+        if ((f = make_IPAddressFamily(addr, afi, safi)) == NULL)
-            f->ipAddressChoice == NULL ||
-            (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-             f->ipAddressChoice->u.inherit != NULL))
                return NULL;
-        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
-                aors = f->ipAddressChoice->u.addressesOrRanges;
+        if (IPAddressFamily_inheritance(f) != NULL)
-        if (aors != NULL)
+                return NULL;
+        if ((aors = IPAddressFamily_addressesOrRanges(f)) != NULL)
                return aors;
        if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
                return NULL;
        switch (afi) {
        case IANA_AFI_IPV4:
                sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
@@ -877,8 +941,10 @@ make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi,
                sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
                break;
        }
        f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
        f->ipAddressChoice->u.addressesOrRanges = aors;
        return aors;
 }
@@ -1011,7 +1077,10 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr)
         */
        for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
                IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-                int length = length_from_afi(X509v3_addr_get_afi(f));
+                int length;
+                if (!IPAddressFamily_afi_length(f, &length))
+                        return 0;
                /*
                 * Inheritance is canonical.  Anything other than inheritance
author	tb <>	2021-12-28 16:37:37 +0000
committer	tb <>	2021-12-28 16:37:37 +0000
commit	9555e42d8ea896fd922a012b68616d33478f64e1 (patch)
tree	a3a40256db534977a2386ad59ab473a6a8d2497b /src/lib
parent	c5e2fed5aebe8491f8f9f05ec8e17fa61fbfca9f (diff)
download	openbsd-9555e42d8ea896fd922a012b68616d33478f64e1.tar.gz openbsd-9555e42d8ea896fd922a012b68616d33478f64e1.tar.bz2 openbsd-9555e42d8ea896fd922a012b68616d33478f64e1.zip

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index 038319087b..723890e436 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.34 2021/12/28 16:26:53 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.35 2021/12/28 16:37:37 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -78,6 +78,8 @@
78		78
79	#ifndef OPENSSL_NO_RFC3779	79	#ifndef OPENSSL_NO_RFC3779
80		80
		81	static int length_from_afi(const unsigned afi);
		82
81	/*	83	/*
82	* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.	84	* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
83	*/	85	*/
@@ -309,6 +311,75 @@ IPAddressFamily_free(IPAddressFamily *a)
309	}	311	}
310		312
311	/*	313	/*
		314	* Convenience accessors for IPAddressFamily.
		315	*/
		316
		317	static int
		318	IPAddressFamily_type(IPAddressFamily *f)
		319	{
		320	/* XXX - can f->ipAddressChoice == NULL actually happen? */
		321	if (f == NULL \|\| f->ipAddressChoice == NULL)
		322	return -1;
		323
		324	switch (f->ipAddressChoice->type) {
		325	case IPAddressChoice_inherit:
		326	case IPAddressChoice_addressesOrRanges:
		327	return f->ipAddressChoice->type;
		328	default:
		329	return -1;
		330	}
		331	}
		332
		333	static IPAddressOrRanges *
		334	IPAddressFamily_addressesOrRanges(IPAddressFamily *f)
		335	{
		336	if (IPAddressFamily_type(f) == IPAddressChoice_addressesOrRanges)
		337	return f->ipAddressChoice->u.addressesOrRanges;
		338
		339	return NULL;
		340	}
		341
		342	static ASN1_NULL *
		343	IPAddressFamily_inheritance(IPAddressFamily *f)
		344	{
		345	if (IPAddressFamily_type(f) == IPAddressChoice_inherit)
		346	return f->ipAddressChoice->u.inherit;
		347
		348	return NULL;
		349	}
		350
		351	static int
		352	IPAddressFamily_set_inheritance(IPAddressFamily *f)
		353	{
		354	if (IPAddressFamily_addressesOrRanges(f) != NULL)
		355	return 0;
		356
		357	if (IPAddressFamily_inheritance(f) != NULL)
		358	return 1;
		359
		360	if ((f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
		361	return 0;
		362	f->ipAddressChoice->type = IPAddressChoice_inherit;
		363
		364	return 1;
		365	}
		366
		367	static int
		368	IPAddressFamily_afi_length(const IPAddressFamily f, int out_length)
		369	{
		370	unsigned int afi;
		371
		372	*out_length = 0;
		373
		374	if ((afi = X509v3_addr_get_afi(f)) == 0)
		375	return 0;
		376
		377	*out_length = length_from_afi(afi);
		378
		379	return 1;
		380	}
		381
		382	/*
312	* How much buffer space do we need for a raw address?	383	* How much buffer space do we need for a raw address?
313	*/	384	*/
314	#define ADDR_RAW_BUF_LEN 16	385	#define ADDR_RAW_BUF_LEN 16
@@ -532,14 +603,14 @@ i2r_IPAddrBlocks(const X509V3_EXT_METHOD method, void ext, BIO *out,
532	break;	603	break;
533	}	604	}
534	}	605	}
535	switch (f->ipAddressChoice->type) {	606	switch (IPAddressFamily_type(f)) {
536	case IPAddressChoice_inherit:	607	case IPAddressChoice_inherit:
537	BIO_puts(out, ": inherit\n");	608	BIO_puts(out, ": inherit\n");
538	break;	609	break;
539	case IPAddressChoice_addressesOrRanges:	610	case IPAddressChoice_addressesOrRanges:
540	BIO_puts(out, ":\n");	611	BIO_puts(out, ":\n");
541	if (!i2r_IPAddressOrRanges(out, indent + 2,	612	if (!i2r_IPAddressOrRanges(out, indent + 2,
542	f->ipAddressChoice->u.addressesOrRanges, afi))	613	IPAddressFamily_addressesOrRanges(f), afi))
543	return 0;	614	return 0;
544	break;	615	break;
545	}	616	}
@@ -832,20 +903,12 @@ int
832	X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,	903	X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi,
833	const unsigned *safi)	904	const unsigned *safi)
834	{	905	{
835	IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);	906	IPAddressFamily *f;
836	if (f == NULL \|\|	907
837	f->ipAddressChoice == NULL \|\|	908	if ((f = make_IPAddressFamily(addr, afi, safi)) == NULL)
838	(f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
839	f->ipAddressChoice->u.addressesOrRanges != NULL))
840	return 0;
841	if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
842	f->ipAddressChoice->u.inherit != NULL)
843	return 1;
844	if (f->ipAddressChoice->u.inherit == NULL &&
845	(f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
846	return 0;	909	return 0;
847	f->ipAddressChoice->type = IPAddressChoice_inherit;	910
848	return 1;	911	return IPAddressFamily_set_inheritance(f);
849	}	912	}
850		913
851	/*	914	/*
@@ -855,20 +918,21 @@ static IPAddressOrRanges *
855	make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi,	918	make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi,
856	const unsigned *safi)	919	const unsigned *safi)
857	{	920	{
858	IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);	921	IPAddressFamily *f;
859	IPAddressOrRanges *aors = NULL;	922	IPAddressOrRanges *aors = NULL;
860		923
861	if (f == NULL \|\|	924	if ((f = make_IPAddressFamily(addr, afi, safi)) == NULL)
862	f->ipAddressChoice == NULL \|\|
863	(f->ipAddressChoice->type == IPAddressChoice_inherit &&
864	f->ipAddressChoice->u.inherit != NULL))
865	return NULL;	925	return NULL;
866	if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)	926
867	aors = f->ipAddressChoice->u.addressesOrRanges;	927	if (IPAddressFamily_inheritance(f) != NULL)
868	if (aors != NULL)	928	return NULL;
		929
		930	if ((aors = IPAddressFamily_addressesOrRanges(f)) != NULL)
869	return aors;	931	return aors;
		932
870	if ((aors = sk_IPAddressOrRange_new_null()) == NULL)	933	if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
871	return NULL;	934	return NULL;
		935
872	switch (afi) {	936	switch (afi) {
873	case IANA_AFI_IPV4:	937	case IANA_AFI_IPV4:
874	sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);	938	sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
@@ -877,8 +941,10 @@ make_prefix_or_range(IPAddrBlocks *addr, const unsigned afi,
877	sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);	941	sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
878	break;	942	break;
879	}	943	}
		944
880	f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;	945	f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
881	f->ipAddressChoice->u.addressesOrRanges = aors;	946	f->ipAddressChoice->u.addressesOrRanges = aors;
		947
882	return aors;	948	return aors;
883	}	949	}
884		950
@@ -1011,7 +1077,10 @@ X509v3_addr_is_canonical(IPAddrBlocks *addr)
1011	*/	1077	*/
1012	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {	1078	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
1013	IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);	1079	IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
1014	int length = length_from_afi(X509v3_addr_get_afi(f));	1080	int length;
		1081
		1082	if (!IPAddressFamily_afi_length(f, &length))
		1083	return 0;
1015		1084
1016	/*	1085	/*
1017	* Inheritance is canonical. Anything other than inheritance	1086	* Inheritance is canonical. Anything other than inheritance