From: tb Date: Tue, 28 Dec 2021 16:10:47 +0000 (+0000) Subject: Convert make_IPAddressFamily to CBS/CBB X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a51f55ed07b1462a5b3ec470d29a2b26fee79ca5;p=openbsd Convert make_IPAddressFamily to CBS/CBB The IPAddrBlocks type, which represents the IPAddrBlocks extension, should have exactly one IPAddressFamily per AFI+SAFI combination to be delegated. make_IPAddressFamily() first builds up a search key from the afi and safi arguments and then looks for an existing IPAddressFamily with that key in the IPAddrBlocks that was passed in. It returns that if it finds it or allocates and adds a new one. This diff preserves the current behavior that the afi and *safi arguments are truncated to 2 and 1 bytes, respectively. This may change in the future. ok inoguchi jsing --- diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c index a0c73bdee58..244eea1f234 100644 --- a/lib/libcrypto/x509/x509_addr.c +++ b/lib/libcrypto/x509/x509_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_addr.c,v 1.31 2021/12/28 16:05:23 tb Exp $ */ +/* $OpenBSD: x509_addr.c,v 1.32 2021/12/28 16:10:47 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -764,25 +764,32 @@ static IPAddressFamily * make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi, const unsigned *safi) { - IPAddressFamily *f; - unsigned char key[3]; - int keylen; + IPAddressFamily *f = NULL; + CBB cbb; + CBS cbs; + uint8_t *key = NULL; + size_t keylen; int i; - key[0] = (afi >> 8) & 0xFF; - key[1] = afi & 0xFF; + if (!CBB_init(&cbb, 0)) + goto err; + + if (!CBB_add_u16(&cbb, afi)) + goto err; if (safi != NULL) { - key[2] = *safi & 0xFF; - keylen = 3; - } else { - keylen = 2; + if (!CBB_add_u8(&cbb, *safi)) + goto err; } + if (!CBB_finish(&cbb, &key, &keylen)) + goto err; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { f = sk_IPAddressFamily_value(addr, i); - if (f->addressFamily->length == keylen && - !memcmp(f->addressFamily->data, key, keylen)) - return f; + + CBS_init(&cbs, f->addressFamily->data, f->addressFamily->length); + if (CBS_mem_equal(&cbs, key, keylen)) + goto done; } if ((f = IPAddressFamily_new()) == NULL) @@ -792,10 +799,16 @@ make_IPAddressFamily(IPAddrBlocks *addr, const unsigned afi, if (!sk_IPAddressFamily_push(addr, f)) goto err; + done: + free(key); + return f; err: + CBB_cleanup(&cbb); + free(key); IPAddressFamily_free(f); + return NULL; }