Convert make_IPAddressFamily to CBS/CBB

The IPAddrBlocks type, which represents the IPAddrBlocks extension, should have exactly one IPAddressFamily per AFI+SAFI combination to be delegated. make_IPAddressFamily() first builds up a search key from the afi and safi arguments and then looks for an existing IPAddressFamily with that key in the IPAddrBlocks that was passed in. It returns that if it finds it or allocates and adds a new one. This diff preserves the current behavior that the afi and *safi arguments are truncated to 2 and 1 bytes, respectively. This may change in the future. ok inoguchi jsing
author: tb <> 2021-12-28 16:10:47 +0000
committer: tb <> 2021-12-28 16:10:47 +0000
commit: 10bf2b260818e12ba8063556da5d7b74dde85775 (patch)
tree: 7a06f27d725169b1d0b56f1bc868a9152f89438e /src
parent: aebd8f6e8a2e74237ea4e3ecf83287e5430484d5 (diff)
download: openbsd-10bf2b260818e12ba8063556da5d7b74dde85775.tar.gz
openbsd-10bf2b260818e12ba8063556da5d7b74dde85775.tar.bz2
openbsd-10bf2b260818e12ba8063556da5d7b74dde85775.zip
1 files changed, 26 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index a0c73bdee5..244eea1f23 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.31 2021/12/28 16:05:23 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.32 2021/12/28 16:10:47 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -764,25 +764,32 @@ static IPAddressFamily *
 make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi,
    const unsigned *safi)
 {
-        IPAddressFamily *f;
+        IPAddressFamily *f = NULL;
-        unsigned char key[3];
+        CBB cbb;
-        int keylen;
+        CBS cbs;
+        uint8_t *key = NULL;
+        size_t keylen;
        int i;
-        key[0] = (afi >> 8) & 0xFF;
+        if (!CBB_init(&cbb, 0))
-        key[1] = afi & 0xFF;
+                goto err;
+        if (!CBB_add_u16(&cbb, afi))
+                goto err;
        if (safi != NULL) {
-                key[2] = *safi & 0xFF;
+                if (!CBB_add_u8(&cbb, *safi))
-                keylen = 3;
+                        goto err;
-        } else {
-                keylen = 2;
        }
+        if (!CBB_finish(&cbb, &key, &keylen))
+                goto err;
        for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
                f = sk_IPAddressFamily_value(addr, i);
-                if (f->addressFamily->length == keylen &&
-                    !memcmp(f->addressFamily->data, key, keylen))
+                CBS_init(&cbs, f->addressFamily->data, f->addressFamily->length);
-                        return f;
+                if (CBS_mem_equal(&cbs, key, keylen))
+                        goto done;
        }
        if ((f = IPAddressFamily_new()) == NULL)
@@ -792,10 +799,16 @@ make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi,
        if (!sk_IPAddressFamily_push(addr, f))
                goto err;
+ done:
+        free(key);
        return f;
 err:
+        CBB_cleanup(&cbb);
+        free(key);
        IPAddressFamily_free(f);
        return NULL;
 }
author	tb <>	2021-12-28 16:10:47 +0000
committer	tb <>	2021-12-28 16:10:47 +0000
commit	10bf2b260818e12ba8063556da5d7b74dde85775 (patch)
tree	7a06f27d725169b1d0b56f1bc868a9152f89438e /src
parent	aebd8f6e8a2e74237ea4e3ecf83287e5430484d5 (diff)
download	openbsd-10bf2b260818e12ba8063556da5d7b74dde85775.tar.gz openbsd-10bf2b260818e12ba8063556da5d7b74dde85775.tar.bz2 openbsd-10bf2b260818e12ba8063556da5d7b74dde85775.zip

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index a0c73bdee5..244eea1f23 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.31 2021/12/28 16:05:23 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.32 2021/12/28 16:10:47 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -764,25 +764,32 @@ static IPAddressFamily *
764	make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi,	764	make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi,
765	const unsigned *safi)	765	const unsigned *safi)
766	{	766	{
767	IPAddressFamily *f;	767	IPAddressFamily *f = NULL;
768	unsigned char key[3];	768	CBB cbb;
769	int keylen;	769	CBS cbs;
		770	uint8_t *key = NULL;
		771	size_t keylen;
770	int i;	772	int i;
771		773
772	key[0] = (afi >> 8) & 0xFF;	774	if (!CBB_init(&cbb, 0))
773	key[1] = afi & 0xFF;	775	goto err;
		776
		777	if (!CBB_add_u16(&cbb, afi))
		778	goto err;
774	if (safi != NULL) {	779	if (safi != NULL) {
775	key[2] = *safi & 0xFF;	780	if (!CBB_add_u8(&cbb, *safi))
776	keylen = 3;	781	goto err;
777	} else {
778	keylen = 2;
779	}	782	}
780		783
		784	if (!CBB_finish(&cbb, &key, &keylen))
		785	goto err;
		786
781	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {	787	for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
782	f = sk_IPAddressFamily_value(addr, i);	788	f = sk_IPAddressFamily_value(addr, i);
783	if (f->addressFamily->length == keylen &&	789
784	!memcmp(f->addressFamily->data, key, keylen))	790	CBS_init(&cbs, f->addressFamily->data, f->addressFamily->length);
785	return f;	791	if (CBS_mem_equal(&cbs, key, keylen))
		792	goto done;
786	}	793	}
787		794
788	if ((f = IPAddressFamily_new()) == NULL)	795	if ((f = IPAddressFamily_new()) == NULL)
@@ -792,10 +799,16 @@ make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi,
792	if (!sk_IPAddressFamily_push(addr, f))	799	if (!sk_IPAddressFamily_push(addr, f))
793	goto err;	800	goto err;
794		801
		802	done:
		803	free(key);
		804
795	return f;	805	return f;
796		806
797	err:	807	err:
		808	CBB_cleanup(&cbb);
		809	free(key);
798	IPAddressFamily_free(f);	810	IPAddressFamily_free(f);
		811
799	return NULL;	812	return NULL;
800	}	813	}
801		814