From: tb <tb@openbsd.org>
Date: Mon, 11 Apr 2022 08:28:54 +0000 (+0000)
Subject: Merge sbgp_sia() and sbgp_sia_resource()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=17e043a304a4a9dc9adc408d7382126aeb3bf67d;p=openbsd

Merge sbgp_sia() and sbgp_sia_resource()

These two functions are now short and easy, so there's no need for a split.
Also, pull the .mft extension check out of sbgp_sia_resource_mft() and use
rtype_from_file_extension() instead.

ok claudio
---

diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 86927e89788..c33d9c0990e 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cert.c,v 1.64 2022/04/11 08:04:43 tb Exp $ */
+/*	$OpenBSD: cert.c,v 1.65 2022/04/11 08:28:54 tb Exp $ */
 /*
  * Copyright (c) 2021 Job Snijders <job@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -162,18 +162,12 @@ sbgp_sia_resource_mft(struct parse *p, const char *d, size_t dsz)
 		return 0;
 	}
 
-	/* Make sure it's an MFT rsync address. */
+	/* Make sure it's an rsync address. */
 	if (!valid_uri(d, dsz, "rsync://")) {
 		warnx("%s: RFC 6487 section 4.8.8: bad MFT location", p->fn);
 		return 0;
 	}
 
-	if (dsz < 4 || strcasecmp(d + dsz - 4, ".mft") != 0) {
-		warnx("%s: RFC 6487 section 4.8.8: SIA: "
-		    "not an MFT file", p->fn);
-		return 0;
-	}
-
 	if ((p->res->mft = strndup(d, dsz)) == NULL)
 		err(1, NULL);
 
@@ -257,15 +251,28 @@ sbgp_sia_resource_entry(struct parse *p, ACCESS_DESCRIPTION *ad)
 }
 
 /*
- * Multiple locations as defined in RFC 6487, 4.8.8.1.
+ * Parse "Subject Information Access" extension, RFC 6487 4.8.8.
  * Returns zero on failure, non-zero on success.
  */
 static int
-sbgp_sia_resource(struct parse *p, AUTHORITY_INFO_ACCESS *sia)
+sbgp_sia(struct parse *p, X509_EXTENSION *ext)
 {
+	AUTHORITY_INFO_ACCESS	*sia = NULL;
 	ACCESS_DESCRIPTION	*ad;
 	int			 i, rc = 0;
 
+	if (X509_EXTENSION_get_critical(ext)) {
+		warnx("%s: RFC 6487 section 4.8.8: SIA: "
+		    "extension not non-critical", p->fn);
+		goto out;
+	}
+
+	if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
+		cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
+		    "failed extension parse", p->fn);
+		goto out;
+	}
+
 	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(sia); i++) {
 		ad = sk_ACCESS_DESCRIPTION_value(sia, i);
 		if (!sbgp_sia_resource_entry(p, ad))
@@ -285,34 +292,11 @@ sbgp_sia_resource(struct parse *p, AUTHORITY_INFO_ACCESS *sia)
 		goto out;
 	}
 
-	rc = 1;
- out:
-	return rc;
-}
-
-/*
- * Parse "Subject Information Access" extension, RFC 6487 4.8.8.
- * Returns zero on failure, non-zero on success.
- */
-static int
-sbgp_sia(struct parse *p, X509_EXTENSION *ext)
-{
-	AUTHORITY_INFO_ACCESS	*sia = NULL;
-	int			 rc = 0;
-
-	if (X509_EXTENSION_get_critical(ext)) {
+	if (rtype_from_file_extension(p->res->mft) != RTYPE_MFT) {
 		warnx("%s: RFC 6487 section 4.8.8: SIA: "
-		    "extension not non-critical", p->fn);
-		goto out;
-	}
-
-	if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
-		cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
-		    "failed extension parse", p->fn);
+		    "not an MFT file", p->fn);
 		goto out;
 	}
-	if (!sbgp_sia_resource(p, sia))
-		goto out;
 
 	rc = 1;
  out: