Simplify make_addressPrefix()

In order to set the BIT STRING containing an address prefix, use existing helper functions from the ASN.1 code instead of redoing everything by hand. Make the function single exit and rename a few variables to make it clearer what is being done. ok jsing
author: tb <> 2022-05-17 07:50:59 +0000
committer: tb <> 2022-05-17 07:50:59 +0000
commit: cda197b3d8864f040571c54846809867f933099f (patch)
tree: b6fab4ea880454b40fd7c0974e33ad365f5970a3 /src
parent: 27e784dc1e3e5813d22270e673ff4b451758773a (diff)
download: openbsd-cda197b3d8864f040571c54846809867f933099f.tar.gz
openbsd-cda197b3d8864f040571c54846809867f933099f.tar.bz2
openbsd-cda197b3d8864f040571c54846809867f933099f.zip
1 files changed, 23 insertions, 21 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index b1ff93d4d0..ba5aaff7e6 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.80 2022/04/21 05:06:07 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.81 2022/05/17 07:50:59 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -73,6 +73,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "asn1_locl.h"
 #include "bytestring.h"
 #include "x509_lcl.h"
@@ -847,44 +848,45 @@ range_should_be_prefix(const unsigned char *min, const unsigned char *max,
 }
 /*
- * Construct a prefix.
+ * Fill IPAddressOrRange with bit string encoding of a prefix - RFC 3779, 2.1.1.
 */
 static int
-make_addressPrefix(IPAddressOrRange **result, unsigned char *addr,
+make_addressPrefix(IPAddressOrRange **out_aor, uint8_t *addr, uint32_t afi,
-    unsigned int afi, int prefix_len)
+    int prefix_len)
 {
-        IPAddressOrRange *aor;
+        IPAddressOrRange *aor = NULL;
-        int afi_len, byte_len, bit_len, max_len;
+        int afi_len, max_len, num_bits, num_octets;
+        uint8_t unused_bits;
        if (prefix_len < 0)
-                return 0;
+                goto err;
        max_len = 16;
        if ((afi_len = length_from_afi(afi)) > 0)
                max_len = afi_len;
        if (prefix_len > 8 * max_len)
-                return 0;
+                goto err;
+        num_octets = (prefix_len + 7) / 8;
+        num_bits = prefix_len % 8;
-        byte_len = (prefix_len + 7) / 8;
+        unused_bits = 0;
-        bit_len = prefix_len % 8;
+        if (num_bits > 0)
+                unused_bits = 8 - num_bits;
        if ((aor = IPAddressOrRange_new()) == NULL)
-                return 0;
+                goto err;
        aor->type = IPAddressOrRange_addressPrefix;
        if ((aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
                goto err;
+        if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, num_octets))
-        if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, byte_len))
+                goto err;
+        if (!asn1_abs_set_unused_bits(aor->u.addressPrefix, unused_bits))
                goto err;
-        aor->u.addressPrefix->flags &= ~7;
+        *out_aor = aor;
-        aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-        if (bit_len > 0) {
-                aor->u.addressPrefix->data[byte_len - 1] &= ~(0xff >> bit_len);
-                aor->u.addressPrefix->flags |= 8 - bit_len;
-        }
-        *result = aor;
        return 1;
 err:
author	tb <>	2022-05-17 07:50:59 +0000
committer	tb <>	2022-05-17 07:50:59 +0000
commit	cda197b3d8864f040571c54846809867f933099f (patch)
tree	b6fab4ea880454b40fd7c0974e33ad365f5970a3 /src
parent	27e784dc1e3e5813d22270e673ff4b451758773a (diff)
download	openbsd-cda197b3d8864f040571c54846809867f933099f.tar.gz openbsd-cda197b3d8864f040571c54846809867f933099f.tar.bz2 openbsd-cda197b3d8864f040571c54846809867f933099f.zip

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index b1ff93d4d0..ba5aaff7e6 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.80 2022/04/21 05:06:07 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.81 2022/05/17 07:50:59 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -73,6 +73,7 @@
73	#include <openssl/x509.h>	73	#include <openssl/x509.h>
74	#include <openssl/x509v3.h>	74	#include <openssl/x509v3.h>
75		75
		76	#include "asn1_locl.h"
76	#include "bytestring.h"	77	#include "bytestring.h"
77	#include "x509_lcl.h"	78	#include "x509_lcl.h"
78		79
@@ -847,44 +848,45 @@ range_should_be_prefix(const unsigned char min, const unsigned char max,
847	}	848	}
848		849
849	/*	850	/*
850	* Construct a prefix.	851	* Fill IPAddressOrRange with bit string encoding of a prefix - RFC 3779, 2.1.1.
851	*/	852	*/
852	static int	853	static int
853	make_addressPrefix(IPAddressOrRange *result, unsigned char addr,	854	make_addressPrefix(IPAddressOrRange *out_aor, uint8_t addr, uint32_t afi,
854	unsigned int afi, int prefix_len)	855	int prefix_len)
855	{	856	{
856	IPAddressOrRange *aor;	857	IPAddressOrRange *aor = NULL;
857	int afi_len, byte_len, bit_len, max_len;	858	int afi_len, max_len, num_bits, num_octets;
		859	uint8_t unused_bits;
858		860
859	if (prefix_len < 0)	861	if (prefix_len < 0)
860	return 0;	862	goto err;
861		863
862	max_len = 16;	864	max_len = 16;
863	if ((afi_len = length_from_afi(afi)) > 0)	865	if ((afi_len = length_from_afi(afi)) > 0)
864	max_len = afi_len;	866	max_len = afi_len;
865	if (prefix_len > 8 * max_len)	867	if (prefix_len > 8 * max_len)
866	return 0;	868	goto err;
		869
		870	num_octets = (prefix_len + 7) / 8;
		871	num_bits = prefix_len % 8;
867		872
868	byte_len = (prefix_len + 7) / 8;	873	unused_bits = 0;
869	bit_len = prefix_len % 8;	874	if (num_bits > 0)
		875	unused_bits = 8 - num_bits;
870		876
871	if ((aor = IPAddressOrRange_new()) == NULL)	877	if ((aor = IPAddressOrRange_new()) == NULL)
872	return 0;	878	goto err;
		879
873	aor->type = IPAddressOrRange_addressPrefix;	880	aor->type = IPAddressOrRange_addressPrefix;
		881
874	if ((aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)	882	if ((aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
875	goto err;	883	goto err;
876		884	if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, num_octets))
877	if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, byte_len))	885	goto err;
		886	if (!asn1_abs_set_unused_bits(aor->u.addressPrefix, unused_bits))
878	goto err;	887	goto err;
879		888
880	aor->u.addressPrefix->flags &= ~7;	889	*out_aor = aor;
881	aor->u.addressPrefix->flags \|= ASN1_STRING_FLAG_BITS_LEFT;
882	if (bit_len > 0) {
883	aor->u.addressPrefix->data[byte_len - 1] &= ~(0xff >> bit_len);
884	aor->u.addressPrefix->flags \|= 8 - bit_len;
885	}
886
887	*result = aor;
888	return 1;	890	return 1;
889		891
890	err:	892	err: