From: tb <tb@openbsd.org>
Date: Tue, 31 May 2022 18:33:16 +0000 (+0000)
Subject: Prepare rewrite of rsc.c with templated ASN.1
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=565a9191f8c6e19e7e8ac875bccd4670899a00f9;p=openbsd

Prepare rewrite of rsc.c with templated ASN.1

Change signatures of various functions to avoid using struct parse and
expose sbgp_as_{id,range}() and sbgp_addr{,_range}() so they can be used
from rsc.c. This is a mostly mechanical diff.

ok claudio job
---

diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 1db1e5e883d..891adc2455f 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cert.c,v 1.82 2022/05/15 15:00:53 deraadt Exp $ */
+/*	$OpenBSD: cert.c,v 1.83 2022/05/31 18:33:16 tb Exp $ */
 /*
  * Copyright (c) 2021 Job Snijders <job@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -58,11 +58,12 @@ extern ASN1_OBJECT	*notify_oid;	/* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
  * Returns zero on failure (IP overlap) non-zero on success.
  */
 static int
-append_ip(struct parse *p, const struct cert_ip *ip)
+append_ip(const char *fn, struct cert_ip *ips, size_t *ipsz,
+    const struct cert_ip *ip)
 {
-	if (!ip_addr_check_overlap(ip, p->fn, p->res->ips, p->res->ipsz))
+	if (!ip_addr_check_overlap(ip, fn, ips, *ipsz))
 		return 0;
-	p->res->ips[p->res->ipsz++] = *ip;
+	ips[(*ipsz)++] = *ip;
 	return 1;
 }
 
@@ -72,11 +73,12 @@ append_ip(struct parse *p, const struct cert_ip *ip)
  * as defined by RFC 3779 section 3.3.
  */
 static int
-append_as(struct parse *p, const struct cert_as *as)
+append_as(const char *fn, struct cert_as *ases, size_t *asz,
+    const struct cert_as *as)
 {
-	if (!as_check_overlap(as, p->fn, p->res->as, p->res->asz))
+	if (!as_check_overlap(as, fn, ases, *asz))
 		return 0;
-	p->res->as[p->res->asz++] = *as;
+	ases[(*asz)++] = *as;
 	return 1;
 }
 
@@ -84,8 +86,9 @@ append_as(struct parse *p, const struct cert_as *as)
  * Parse a range of AS identifiers as in 3.2.3.8.
  * Returns zero on failure, non-zero on success.
  */
-static int
-sbgp_asrange(struct parse *p, const ASRange *range)
+int
+sbgp_as_range(const char *fn, struct cert_as *ases, size_t *asz,
+    const ASRange *range)
 {
 	struct cert_as		 as;
 
@@ -94,34 +97,35 @@ sbgp_asrange(struct parse *p, const ASRange *range)
 
 	if (!as_id_parse(range->min, &as.range.min)) {
 		warnx("%s: RFC 3779 section 3.2.3.8 (via RFC 1930): "
-		    "malformed AS identifier", p->fn);
+		    "malformed AS identifier", fn);
 		return 0;
 	}
 
 	if (!as_id_parse(range->max, &as.range.max)) {
 		warnx("%s: RFC 3779 section 3.2.3.8 (via RFC 1930): "
-		    "malformed AS identifier", p->fn);
+		    "malformed AS identifier", fn);
 		return 0;
 	}
 
 	if (as.range.max == as.range.min) {
 		warnx("%s: RFC 3379 section 3.2.3.8: ASRange: "
-		    "range is singular", p->fn);
+		    "range is singular", fn);
 		return 0;
 	} else if (as.range.max < as.range.min) {
 		warnx("%s: RFC 3379 section 3.2.3.8: ASRange: "
-		    "range is out of order", p->fn);
+		    "range is out of order", fn);
 		return 0;
 	}
 
-	return append_as(p, &as);
+	return append_as(fn, ases, asz, &as);
 }
 
 /*
  * Parse an entire 3.2.3.10 integer type.
  */
-static int
-sbgp_asid(struct parse *p, const ASN1_INTEGER *i)
+int
+sbgp_as_id(const char *fn, struct cert_as *ases, size_t *asz,
+    const ASN1_INTEGER *i)
 {
 	struct cert_as	 as;
 
@@ -130,27 +134,27 @@ sbgp_asid(struct parse *p, const ASN1_INTEGER *i)
 
 	if (!as_id_parse(i, &as.id)) {
 		warnx("%s: RFC 3779 section 3.2.3.10 (via RFC 1930): "
-		    "malformed AS identifier", p->fn);
+		    "malformed AS identifier", fn);
 		return 0;
 	}
 	if (as.id == 0) {
 		warnx("%s: RFC 3779 section 3.2.3.10 (via RFC 1930): "
-		    "AS identifier zero is reserved", p->fn);
+		    "AS identifier zero is reserved", fn);
 		return 0;
 	}
 
-	return append_as(p, &as);
+	return append_as(fn, ases, asz, &as);
 }
 
 static int
-sbgp_asinherit(struct parse *p)
+sbgp_as_inherit(const char *fn, struct cert_as *ases, size_t *asz)
 {
 	struct cert_as as;
 
 	memset(&as, 0, sizeof(struct cert_as));
 	as.type = CERT_AS_INHERIT;
 
-	return append_as(p, &as);
+	return append_as(fn, ases, asz, &as);
 }
 
 /*
@@ -214,7 +218,7 @@ sbgp_assysnum(struct parse *p, X509_EXTENSION *ext)
 		err(1, NULL);
 
 	if (aors == NULL) {
-		if (!sbgp_asinherit(p))
+		if (!sbgp_as_inherit(p->fn, p->res->as, &p->res->asz))
 			goto out;
 	}
 
@@ -224,11 +228,13 @@ sbgp_assysnum(struct parse *p, X509_EXTENSION *ext)
 		aor = sk_ASIdOrRange_value(aors, i);
 		switch (aor->type) {
 		case ASIdOrRange_id:
-			if (!sbgp_asid(p, aor->u.id))
+			if (!sbgp_as_id(p->fn, p->res->as, &p->res->asz,
+			    aor->u.id))
 				goto out;
 			break;
 		case ASIdOrRange_range:
-			if (!sbgp_asrange(p, aor->u.range))
+			if (!sbgp_as_range(p->fn, p->res->as, &p->res->asz,
+			    aor->u.range))
 				goto out;
 			break;
 		default:
@@ -248,8 +254,9 @@ sbgp_assysnum(struct parse *p, X509_EXTENSION *ext)
  * Construct a RFC 3779 2.2.3.8 range from its bit string.
  * Returns zero on failure, non-zero on success.
  */
-static int
-sbgp_addr(struct parse *p, enum afi afi, const ASN1_BIT_STRING *bs)
+int
+sbgp_addr(const char *fn, struct cert_ip *ips, size_t *ipsz, enum afi afi,
+    const ASN1_BIT_STRING *bs)
 {
 	struct cert_ip	ip;
 
@@ -258,27 +265,28 @@ sbgp_addr(struct parse *p, enum afi afi, const ASN1_BIT_STRING *bs)
 	ip.afi = afi;
 	ip.type = CERT_IP_ADDR;
 
-	if (!ip_addr_parse(bs, afi, p->fn, &ip.ip)) {
+	if (!ip_addr_parse(bs, afi, fn, &ip.ip)) {
 		warnx("%s: RFC 3779 section 2.2.3.8: IPAddress: "
-		    "invalid IP address", p->fn);
+		    "invalid IP address", fn);
 		return 0;
 	}
 
 	if (!ip_cert_compose_ranges(&ip)) {
 		warnx("%s: RFC 3779 section 2.2.3.8: IPAddress: "
-		    "IP address range reversed", p->fn);
+		    "IP address range reversed", fn);
 		return 0;
 	}
 
-	return append_ip(p, &ip);
+	return append_ip(fn, ips, ipsz, &ip);
 }
 
 /*
  * Parse RFC 3779 2.2.3.9 range of addresses.
  * Returns zero on failure, non-zero on success.
  */
-static int
-sbgp_addr_range(struct parse *p, enum afi afi, const IPAddressRange *range)
+int
+sbgp_addr_range(const char *fn, struct cert_ip *ips, size_t *ipsz,
+    enum afi afi, const IPAddressRange *range)
 {
 	struct cert_ip	ip;
 
@@ -287,29 +295,30 @@ sbgp_addr_range(struct parse *p, enum afi afi, const IPAddressRange *range)
 	ip.afi = afi;
 	ip.type = CERT_IP_RANGE;
 
-	if (!ip_addr_parse(range->min, afi, p->fn, &ip.range.min)) {
+	if (!ip_addr_parse(range->min, afi, fn, &ip.range.min)) {
 		warnx("%s: RFC 3779 section 2.2.3.9: IPAddressRange: "
-		    "invalid IP address", p->fn);
+		    "invalid IP address", fn);
 		return 0;
 	}
 
-	if (!ip_addr_parse(range->max, afi, p->fn, &ip.range.max)) {
+	if (!ip_addr_parse(range->max, afi, fn, &ip.range.max)) {
 		warnx("%s: RFC 3779 section 2.2.3.9: IPAddressRange: "
-		    "invalid IP address", p->fn);
+		    "invalid IP address", fn);
 		return 0;
 	}
 
 	if (!ip_cert_compose_ranges(&ip)) {
 		warnx("%s: RFC 3779 section 2.2.3.9: IPAddressRange: "
-		    "IP address range reversed", p->fn);
+		    "IP address range reversed", fn);
 		return 0;
 	}
 
-	return append_ip(p, &ip);
+	return append_ip(fn, ips, ipsz, &ip);
 }
 
 static int
-sbgp_addr_inherit(struct parse *p, enum afi afi)
+sbgp_addr_inherit(const char *fn, struct cert_ip *ips, size_t *ipsz,
+    enum afi afi)
 {
 	struct cert_ip	ip;
 
@@ -318,7 +327,7 @@ sbgp_addr_inherit(struct parse *p, enum afi afi)
 	ip.afi = afi;
 	ip.type = CERT_IP_INHERIT;
 
-	return append_ip(p, &ip);
+	return append_ip(fn, ips, ipsz, &ip);
 }
 
 /*
@@ -380,7 +389,8 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext)
 		}
 
 		if (aors == NULL) {
-			if (!sbgp_addr_inherit(p, afi))
+			if (!sbgp_addr_inherit(p->fn, p->res->ips,
+			    &p->res->ipsz, afi))
 				goto out;
 			continue;
 		}
@@ -389,12 +399,13 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext)
 			aor = sk_IPAddressOrRange_value(aors, j);
 			switch (aor->type) {
 			case IPAddressOrRange_addressPrefix:
-				if (!sbgp_addr(p, afi, aor->u.addressPrefix))
+				if (!sbgp_addr(p->fn, p->res->ips,
+				    &p->res->ipsz, afi, aor->u.addressPrefix))
 					goto out;
 				break;
 			case IPAddressOrRange_addressRange:
-				if (!sbgp_addr_range(p, afi,
-				    aor->u.addressRange))
+				if (!sbgp_addr_range(p->fn, p->res->ips,
+				    &p->res->ipsz, afi, aor->u.addressRange))
 					goto out;
 				break;
 			default:
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 31381a396c8..bc29217872e 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.138 2022/05/24 09:20:49 claudio Exp $ */
+/*	$OpenBSD: extern.h,v 1.139 2022/05/31 18:33:16 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -535,6 +535,11 @@ int		 ip_addr_check_covered(enum afi, const unsigned char *,
 int		 ip_cert_compose_ranges(struct cert_ip *);
 void		 ip_roa_compose_ranges(struct roa_ip *);
 
+int		 sbgp_addr(const char *, struct cert_ip *, size_t *,
+		    enum afi, const ASN1_BIT_STRING *);
+int		 sbgp_addr_range(const char *, struct cert_ip *, size_t *,
+		    enum afi, const IPAddressRange *);
+
 /* Work with RFC 3779 AS numbers, ranges. */
 
 int		 as_id_parse(const ASN1_INTEGER *, uint32_t *);
@@ -543,6 +548,11 @@ int		 as_check_overlap(const struct cert_as *, const char *,
 int		 as_check_covered(uint32_t, uint32_t,
 			const struct cert_as *, size_t);
 
+int		 sbgp_as_id(const char *, struct cert_as *, size_t *,
+		    const ASN1_INTEGER *);
+int		 sbgp_as_range(const char *, struct cert_as *, size_t *,
+		    const ASRange *);
+
 /* Parser-specific */
 void		 entity_free(struct entity *);
 void		 entity_read_req(struct ibuf *, struct entity *);