From fadbfece8693f0ef4e461242a68e499a8580c324 Mon Sep 17 00:00:00 2001 From: beck <> Date: Fri, 11 Nov 2022 12:02:34 +0000 Subject: Start CBS-ifying the name constraints code. ok jsing@ tb@ --- src/regress/lib/libcrypto/x509/Makefile | 3 +- src/regress/lib/libcrypto/x509/constraints.c | 83 +++++++++++++++++----------- 2 files changed, 52 insertions(+), 34 deletions(-) (limited to 'src/regress') diff --git a/src/regress/lib/libcrypto/x509/Makefile b/src/regress/lib/libcrypto/x509/Makefile index 4635d63ed0..a465b37874 100644 --- a/src/regress/lib/libcrypto/x509/Makefile +++ b/src/regress/lib/libcrypto/x509/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.14 2022/06/28 07:56:34 beck Exp $ +# $OpenBSD: Makefile,v 1.15 2022/11/11 12:02:34 beck Exp $ PROGS = constraints verify x509attribute x509name x509req_ext callback PROGS += expirecallback callbackfailures @@ -10,6 +10,7 @@ LDADD_verify = ${CRYPTO_INT} WARNINGS = Yes CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror -I$(BSDSRCDIR)/lib/libcrypto/x509 +CFLAGS += -I$(BSDSRCDIR)/lib/libcrypto/bytestring SUBDIR += bettertls rfc3779 diff --git a/src/regress/lib/libcrypto/x509/constraints.c b/src/regress/lib/libcrypto/x509/constraints.c index 8f7017dd7e..933c4f47c8 100644 --- a/src/regress/lib/libcrypto/x509/constraints.c +++ b/src/regress/lib/libcrypto/x509/constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraints.c,v 1.12 2022/10/30 13:27:15 kn Exp $ */ +/* $OpenBSD: constraints.c,v 1.13 2022/11/11 12:02:34 beck Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -23,11 +23,10 @@ #include #include "x509_internal.h" - -#define FAIL(msg, ...) \ -do { \ - fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ - fprintf(stderr, msg, ##__VA_ARGS__); \ +#define FAIL(msg, ...) \ +do { \ + fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ + fprintf(stderr, msg, ##__VA_ARGS__); \ } while(0) unsigned char *valid_hostnames[] = { 
@@ -168,15 +167,16 @@ test_valid_hostnames(void) int i, failure = 0; for (i = 0; valid_hostnames[i] != NULL; i++) { - if (!x509_constraints_valid_host(valid_hostnames[i], - strlen(valid_hostnames[i]))) { + CBS cbs; + CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); + if (!x509_constraints_valid_host(&cbs)) { FAIL("Valid hostname '%s' rejected\n", valid_hostnames[i]); failure = 1; goto done; } - if (!x509_constraints_valid_sandns(valid_hostnames[i], - strlen(valid_hostnames[i]))) { + CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); + if (!x509_constraints_valid_sandns(&cbs)) { FAIL("Valid sandns '%s' rejected\n", valid_hostnames[i]); failure = 1; @@ -192,8 +192,10 @@ test_valid_sandns_names(void) { int i, failure = 0; for (i = 0; valid_sandns_names[i] != NULL; i++) { - if (!x509_constraints_valid_sandns(valid_sandns_names[i], - strlen(valid_sandns_names[i]))) { + CBS cbs; + CBS_init(&cbs, valid_sandns_names[i], + strlen(valid_sandns_names[i])); + if (!x509_constraints_valid_sandns(&cbs)) { FAIL("Valid dnsname '%s' rejected\n", valid_sandns_names[i]); failure = 1; @@ -209,8 +211,10 @@ test_valid_domain_constraints(void) { int i, failure = 0; for (i = 0; valid_domain_constraints[i] != NULL; i++) { - if (!x509_constraints_valid_domain_constraint(valid_domain_constraints[i], - strlen(valid_domain_constraints[i]))) { + CBS cbs; + CBS_init(&cbs, valid_domain_constraints[i], + strlen(valid_domain_constraints[i])); + if (!x509_constraints_valid_domain_constraint(&cbs)) { FAIL("Valid dnsname '%s' rejected\n", valid_domain_constraints[i]); failure = 1; 
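Review bot: The second `CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));` in test_valid_hostnames reads as a redundant repeat, and nothing in the hunk says why it is there. If the validators advance the CBS as they parse (their bodies are not visible here), removing it would hand x509_constraints_valid_sandns a partly or fully consumed buffer. In the negative tests, that would let a rejection check pass without the input ever being examined. I would add `/* Fresh CBS for each validator; the previous call may have consumed it. */` above the second CBS_init, and the same above the second NUL-byte check in test_invalid_hostnames. The function body continues outside the hunk.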
@@ -227,8 +231,10 @@ test_valid_mbox_names(void) struct x509_constraints_name name = {0}; int i, failure = 0; for (i = 0; valid_mbox_names[i] != NULL; i++) { - if (!x509_constraints_parse_mailbox(valid_mbox_names[i], - strlen(valid_mbox_names[i]), &name)) { + CBS cbs; + CBS_init(&cbs, valid_mbox_names[i], + strlen(valid_mbox_names[i])); + if (!x509_constraints_parse_mailbox(&cbs, &name)) { FAIL("Valid mailbox name '%s' rejected\n", valid_mbox_names[i]); failure = 1; @@ -250,22 +256,25 @@ test_invalid_hostnames(void) char *nulhost = "www.openbsd.org\0"; for (i = 0; invalid_hostnames[i] != NULL; i++) { - if (x509_constraints_valid_host(invalid_hostnames[i], - strlen(invalid_hostnames[i]))) { + CBS cbs; + CBS_init(&cbs, invalid_hostnames[i], + strlen(invalid_hostnames[i])); + if (x509_constraints_valid_host(&cbs)) { FAIL("Invalid hostname '%s' accepted\n", invalid_hostnames[i]); failure = 1; goto done; } } - if (x509_constraints_valid_host(nulhost, - strlen(nulhost) + 1)) { + CBS cbs; + CBS_init(&cbs, nulhost, strlen(nulhost) + 1); + if (x509_constraints_valid_host(&cbs)) { FAIL("hostname with NUL byte accepted\n"); failure = 1; goto done; } - if (x509_constraints_valid_sandns(nulhost, - strlen(nulhost) + 1)) { + CBS_init(&cbs, nulhost, strlen(nulhost) + 1); + if (x509_constraints_valid_sandns(&cbs)) { FAIL("sandns with NUL byte accepted\n"); failure = 1; goto done; @@ -279,8 +288,10 @@ test_invalid_sandns_names(void) { int i, failure = 0; for (i = 0; invalid_sandns_names[i] != NULL; i++) { - if (x509_constraints_valid_sandns(invalid_sandns_names[i], - strlen(invalid_sandns_names[i]))) { + CBS cbs; + CBS_init(&cbs, invalid_sandns_names[i], + strlen(invalid_sandns_names[i])); + if (x509_constraints_valid_sandns(&cbs)) { FAIL("Valid dnsname '%s' rejected\n", invalid_sandns_names[i]); failure = 1; 
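Review bot: `CBS cbs;` is declared twice in test_invalid_hostnames, once inside the loop body and again after the loop in the middle of the function, so the loop's `goto done` appears to jump forward over the second declaration. That is legal C, but a single `CBS cbs;` next to `char *nulhost` would serve both uses and keep the locals together. The NUL-byte checks also deserve a comment such as `/* length covers the embedded NUL, which the validators must reject */`, because `strlen(nulhost) + 1` is the only thing that puts the NUL inside the CBS and it looks like an off-by-one to a casual reader. The function's opening lines and the `done:` label (presumably below) are outside the hunk.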
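Review bot: The failure message in test_invalid_sandns_names still reads `FAIL("Valid dnsname '%s' rejected\n",` although this branch is taken when x509_constraints_valid_sandns accepts an entry from invalid_sandns_names. A regression that starts accepting a malformed SAN dNSName would therefore be logged as the opposite problem, which costs time when triaging a failed run. Since the call line is being rewritten anyway, the message could become `FAIL("Invalid sandns '%s' accepted\n",`. The rest of the function lies outside the hunk.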
@@ -297,8 +308,10 @@ test_invalid_mbox_names(void) int i, failure = 0; struct x509_constraints_name name = {0}; for (i = 0; invalid_mbox_names[i] != NULL; i++) { - if (x509_constraints_parse_mailbox(invalid_mbox_names[i], - strlen(invalid_mbox_names[i]), &name)) { + CBS cbs; + CBS_init(&cbs, invalid_mbox_names[i], + strlen(invalid_mbox_names[i])); + if (x509_constraints_parse_mailbox(&cbs, &name)) { FAIL("invalid mailbox name '%s' accepted\n", invalid_mbox_names[i]); failure = 1; @@ -318,8 +331,10 @@ test_invalid_domain_constraints(void) { int i, failure = 0; for (i = 0; invalid_domain_constraints[i] != NULL; i++) { - if (x509_constraints_valid_domain_constraint(invalid_domain_constraints[i], - strlen(invalid_domain_constraints[i]))) { + CBS cbs; + CBS_init(&cbs, invalid_domain_constraints[i], + strlen(invalid_domain_constraints[i])); + if (x509_constraints_valid_domain_constraint(&cbs)) { FAIL("invalid dnsname '%s' accepted\n", invalid_domain_constraints[i]); failure = 1; @@ -333,12 +348,12 @@ test_invalid_domain_constraints(void) static int test_invalid_uri(void) { - int j, failure=0; + int j, failure = 0; char *hostpart = NULL; for (j = 0; invaliduri[j] != NULL; j++) { if (x509_constraints_uri_host(invaliduri[j], - strlen(invaliduri[j]), &hostpart) != 0) { + strlen(invaliduri[j]), &hostpart) != 0) { FAIL("invalid URI '%s' accepted\n", invaliduri[j]); failure = 1; @@ -355,8 +370,10 @@ test_invalid_uri(void) static int test_constraints1(void) { - char *c; size_t cl; - char *d; size_t dl; + char *c; + size_t cl; + char *d; + size_t dl; int failure = 0; int error = 0; int i, j; @@ -450,7 +467,7 @@ test_constraints1(void) char *hostpart = NULL; error = 0; if (!x509_constraints_uri_host(noauthority[j], - strlen(noauthority[j]), &hostpart)) { + strlen(noauthority[j]), &hostpart)) { FAIL("name '%s' should parse as a URI", noauthority[j]); failure = 1; -- cgit v1.2.3-55-g6feb