1 files changed, 96 insertions, 38 deletions
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c
index 95b1acb1e4..ecd35b1f1d 100644
--- a/src/lib/libcrypto/x509/x509_asid.c
+++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_asid.c,v 1.40 2023/04/19 12:30:09 jsg Exp $ */
+/*      $OpenBSD: x509_asid.c,v 1.41 2023/11/11 09:35:21 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -406,8 +406,12 @@ int
 X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
 {
        ASIdentifierChoice **choice;
+        ASIdentifierChoice *aic = NULL;
+        int ret = 0;
        if (asid == NULL)
-                return 0;
+                goto err;
        switch (which) {
        case V3_ASID_ASNUM:
                choice = &asid->asnum;
@@ -416,19 +420,76 @@ X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
                choice = &asid->rdi;
                break;
        default:
-                return 0;
+                goto err;
        }
-        if (*choice == NULL) {
-                if ((*choice = ASIdentifierChoice_new()) == NULL)
+        if (*choice != NULL) {
-                        return 0;
+                if ((*choice)->type != ASIdentifierChoice_inherit)
-                if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+                        goto err;
-                        return 0;
+        } else {
-                (*choice)->type = ASIdentifierChoice_inherit;
+                if ((aic = ASIdentifierChoice_new()) == NULL)
+                        goto err;
+                if ((aic->u.inherit = ASN1_NULL_new()) == NULL)
+                        goto err;
+                aic->type = ASIdentifierChoice_inherit;
+                *choice = aic;
+                aic = NULL;
        }
-        return (*choice)->type == ASIdentifierChoice_inherit;
+        ret = 1;
+ err:
+        ASIdentifierChoice_free(aic);
+        return ret;
 }
 LCRYPTO_ALIAS(X509v3_asid_add_inherit);
+static int
+ASIdOrRanges_add_id_or_range(ASIdOrRanges *aors, ASN1_INTEGER *min,
+    ASN1_INTEGER *max)
+{
+        ASIdOrRange *aor = NULL;
+        ASRange *asr = NULL;
+        int ret = 0;
+        /* Preallocate since we must not fail after sk_ASIdOrRange_push(). */
+        if (max != NULL) {
+                if ((asr = ASRange_new()) == NULL)
+                        goto err;
+        }
+        if ((aor = ASIdOrRange_new()) == NULL)
+                goto err;
+        if (sk_ASIdOrRange_push(aors, aor) <= 0)
+                goto err;
+        if (max == NULL) {
+                aor->type = ASIdOrRange_id;
+                aor->u.id = min;
+        } else {
+                ASN1_INTEGER_free(asr->min);
+                asr->min = min;
+                ASN1_INTEGER_free(asr->max);
+                asr->max = max;
+                aor->type = ASIdOrRange_range;
+                aor->u.range = asr;
+                asr = NULL;
+        }
+        aor = NULL;
+        ret = 1;
+ err:
+        ASIdOrRange_free(aor);
+        ASRange_free(asr);
+        return ret;
+}
 /*
 * Add an ID or range to an ASIdentifierChoice.
 */
@@ -437,9 +498,12 @@ X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min,
    ASN1_INTEGER *max)
 {
        ASIdentifierChoice **choice;
-        ASIdOrRange *aor;
+        ASIdentifierChoice *aic = NULL, *new_aic = NULL;
+        int ret = 0;
        if (asid == NULL)
-                return 0;
+                goto err;
        switch (which) {
        case V3_ASID_ASNUM:
                choice = &asid->asnum;
@@ -448,39 +512,33 @@ X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min,
                choice = &asid->rdi;
                break;
        default:
-                return 0;
+                goto err;
-        }
-        if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
-                return 0;
-        if (*choice == NULL) {
-                if ((*choice = ASIdentifierChoice_new()) == NULL)
-                        return 0;
-                (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
-                if ((*choice)->u.asIdsOrRanges == NULL)
-                        return 0;
-                (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
        }
-        if ((aor = ASIdOrRange_new()) == NULL)
-                return 0;
+        if ((aic = *choice) != NULL) {
-        if (max == NULL) {
+                if (aic->type != ASIdentifierChoice_asIdsOrRanges)
-                aor->type = ASIdOrRange_id;
+                        goto err;
-                aor->u.id = min;
        } else {
-                aor->type = ASIdOrRange_range;
+                if ((aic = new_aic = ASIdentifierChoice_new()) == NULL)
-                if ((aor->u.range = ASRange_new()) == NULL)
+                        goto err;
+                aic->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+                if (aic->u.asIdsOrRanges == NULL)
                        goto err;
-                ASN1_INTEGER_free(aor->u.range->min);
+                aic->type = ASIdentifierChoice_asIdsOrRanges;
-                aor->u.range->min = min;
-                ASN1_INTEGER_free(aor->u.range->max);
-                aor->u.range->max = max;
        }
-        if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+        if (!ASIdOrRanges_add_id_or_range(aic->u.asIdsOrRanges, min, max))
                goto err;
-        return 1;
+        *choice = aic;
+        aic = new_aic = NULL;
+        ret = 1;
 err:
-        ASIdOrRange_free(aor);
+        ASIdentifierChoice_free(new_aic);
-        return 0;
+        return ret;
 }
 LCRYPTO_ALIAS(X509v3_asid_add_id_or_range);

diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c index 95b1acb1e4..ecd35b1f1d 100644 --- a/src/lib/libcrypto/x509/x509_asid.c +++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_asid.c,v 1.40 2023/04/19 12:30:09 jsg Exp $ */	1	/* $OpenBSD: x509_asid.c,v 1.41 2023/11/11 09:35:21 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -406,8 +406,12 @@ int
406	X509v3_asid_add_inherit(ASIdentifiers *asid, int which)	406	X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
407	{	407	{
408	ASIdentifierChoice **choice;	408	ASIdentifierChoice **choice;
		409	ASIdentifierChoice *aic = NULL;
		410	int ret = 0;
		411
409	if (asid == NULL)	412	if (asid == NULL)
410	return 0;	413	goto err;
		414
411	switch (which) {	415	switch (which) {
412	case V3_ASID_ASNUM:	416	case V3_ASID_ASNUM:
413	choice = &asid->asnum;	417	choice = &asid->asnum;
@@ -416,19 +420,76 @@ X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
416	choice = &asid->rdi;	420	choice = &asid->rdi;
417	break;	421	break;
418	default:	422	default:
419	return 0;	423	goto err;
420	}	424	}
421	if (*choice == NULL) {	425
422	if ((*choice = ASIdentifierChoice_new()) == NULL)	426	if (*choice != NULL) {
423	return 0;	427	if ((*choice)->type != ASIdentifierChoice_inherit)
424	if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)	428	goto err;
425	return 0;	429	} else {
426	(*choice)->type = ASIdentifierChoice_inherit;	430	if ((aic = ASIdentifierChoice_new()) == NULL)
		431	goto err;
		432	if ((aic->u.inherit = ASN1_NULL_new()) == NULL)
		433	goto err;
		434	aic->type = ASIdentifierChoice_inherit;
		435
		436	*choice = aic;
		437	aic = NULL;
427	}	438	}
428	return (*choice)->type == ASIdentifierChoice_inherit;	439
		440	ret = 1;
		441
		442	err:
		443	ASIdentifierChoice_free(aic);
		444
		445	return ret;
429	}	446	}
430	LCRYPTO_ALIAS(X509v3_asid_add_inherit);	447	LCRYPTO_ALIAS(X509v3_asid_add_inherit);
431		448
		449	static int
		450	ASIdOrRanges_add_id_or_range(ASIdOrRanges aors, ASN1_INTEGER min,
		451	ASN1_INTEGER *max)
		452	{
		453	ASIdOrRange *aor = NULL;
		454	ASRange *asr = NULL;
		455	int ret = 0;
		456
		457	/* Preallocate since we must not fail after sk_ASIdOrRange_push(). */
		458	if (max != NULL) {
		459	if ((asr = ASRange_new()) == NULL)
		460	goto err;
		461	}
		462
		463	if ((aor = ASIdOrRange_new()) == NULL)
		464	goto err;
		465	if (sk_ASIdOrRange_push(aors, aor) <= 0)
		466	goto err;
		467
		468	if (max == NULL) {
		469	aor->type = ASIdOrRange_id;
		470	aor->u.id = min;
		471	} else {
		472	ASN1_INTEGER_free(asr->min);
		473	asr->min = min;
		474	ASN1_INTEGER_free(asr->max);
		475	asr->max = max;
		476
		477	aor->type = ASIdOrRange_range;
		478	aor->u.range = asr;
		479	asr = NULL;
		480	}
		481
		482	aor = NULL;
		483
		484	ret = 1;
		485
		486	err:
		487	ASIdOrRange_free(aor);
		488	ASRange_free(asr);
		489
		490	return ret;
		491	}
		492
432	/*	493	/*
433	* Add an ID or range to an ASIdentifierChoice.	494	* Add an ID or range to an ASIdentifierChoice.
434	*/	495	*/
@@ -437,9 +498,12 @@ X509v3_asid_add_id_or_range(ASIdentifiers asid, int which, ASN1_INTEGER min,
437	ASN1_INTEGER *max)	498	ASN1_INTEGER *max)
438	{	499	{
439	ASIdentifierChoice **choice;	500	ASIdentifierChoice **choice;
440	ASIdOrRange *aor;	501	ASIdentifierChoice aic = NULL, new_aic = NULL;
		502	int ret = 0;
		503
441	if (asid == NULL)	504	if (asid == NULL)
442	return 0;	505	goto err;
		506
443	switch (which) {	507	switch (which) {
444	case V3_ASID_ASNUM:	508	case V3_ASID_ASNUM:
445	choice = &asid->asnum;	509	choice = &asid->asnum;
@@ -448,39 +512,33 @@ X509v3_asid_add_id_or_range(ASIdentifiers asid, int which, ASN1_INTEGER min,
448	choice = &asid->rdi;	512	choice = &asid->rdi;
449	break;	513	break;
450	default:	514	default:
451	return 0;	515	goto err;
452	}
453	if (choice != NULL && (choice)->type == ASIdentifierChoice_inherit)
454	return 0;
455	if (*choice == NULL) {
456	if ((*choice = ASIdentifierChoice_new()) == NULL)
457	return 0;
458	(*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
459	if ((*choice)->u.asIdsOrRanges == NULL)
460	return 0;
461	(*choice)->type = ASIdentifierChoice_asIdsOrRanges;
462	}	516	}
463	if ((aor = ASIdOrRange_new()) == NULL)	517
464	return 0;	518	if ((aic = *choice) != NULL) {
465	if (max == NULL) {	519	if (aic->type != ASIdentifierChoice_asIdsOrRanges)
466	aor->type = ASIdOrRange_id;	520	goto err;
467	aor->u.id = min;
468	} else {	521	} else {
469	aor->type = ASIdOrRange_range;	522	if ((aic = new_aic = ASIdentifierChoice_new()) == NULL)
470	if ((aor->u.range = ASRange_new()) == NULL)	523	goto err;
		524	aic->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
		525	if (aic->u.asIdsOrRanges == NULL)
471	goto err;	526	goto err;
472	ASN1_INTEGER_free(aor->u.range->min);	527	aic->type = ASIdentifierChoice_asIdsOrRanges;
473	aor->u.range->min = min;
474	ASN1_INTEGER_free(aor->u.range->max);
475	aor->u.range->max = max;
476	}	528	}
477	if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))	529
		530	if (!ASIdOrRanges_add_id_or_range(aic->u.asIdsOrRanges, min, max))
478	goto err;	531	goto err;
479	return 1;	532
		533	*choice = aic;
		534	aic = new_aic = NULL;
		535
		536	ret = 1;
480		537
481	err:	538	err:
482	ASIdOrRange_free(aor);	539	ASIdentifierChoice_free(new_aic);
483	return 0;	540
		541	return ret;
484	}	542	}
485	LCRYPTO_ALIAS(X509v3_asid_add_id_or_range);	543	LCRYPTO_ALIAS(X509v3_asid_add_id_or_range);
486		544