From 1f25fa5db5e5b3d240ad71b404053f099fcf5a13 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Mon, 29 Mar 2021 06:50:44 +0000
Subject: [PATCH] Inline x509_get_extensions() and remove it

Since aia, aki and ski are all represented by char *, this is an
error-prone interface - as found by job. The function doesn't do
much anyway.

ok claudio
---
 usr.sbin/rpki-client/extern.h |  4 +---
 usr.sbin/rpki-client/gbr.c    | 10 +++++++---
 usr.sbin/rpki-client/mft.c    | 12 +++++++++---
 usr.sbin/rpki-client/roa.c    | 13 ++++++++++---
 usr.sbin/rpki-client/x509.c   | 29 +----------------------------
 5 files changed, 28 insertions(+), 40 deletions(-)

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 0074022ea3a..69014ba7076 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.57 2021/03/28 16:22:17 job Exp $ */
+/*	$OpenBSD: extern.h,v 1.58 2021/03/29 06:50:44 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -436,8 +436,6 @@ int		 io_recvfd(int, void *, size_t);
 char		*x509_get_aia(X509 *, const char *);
 char		*x509_get_aki(X509 *, int, const char *);
 char		*x509_get_ski(X509 *, const char *);
-int		 x509_get_extensions(X509 *, const char *, char **, char **,
-			char **);
 char		*x509_get_crl(X509 *, const char *);
 char		*x509_crl_get_aki(X509_CRL *, const char *);
 
diff --git a/usr.sbin/rpki-client/gbr.c b/usr.sbin/rpki-client/gbr.c
index b8238de3b62..43f2915224d 100644
--- a/usr.sbin/rpki-client/gbr.c
+++ b/usr.sbin/rpki-client/gbr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: gbr.c,v 1.8 2021/03/29 06:38:35 tb Exp $ */
+/*	$OpenBSD: gbr.c,v 1.9 2021/03/29 06:50:44 tb Exp $ */
 /*
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
  *
@@ -64,8 +64,12 @@ gbr_parse(X509 **x509, const char *fn)
 		err(1, NULL);
 	free(cms);
 
-	if (!x509_get_extensions(*x509, fn, &p.res->aia, &p.res->aki,
-	    &p.res->ski)) {
+	p.res->aia = x509_get_aia(*x509, fn);
+	p.res->aki = x509_get_aki(*x509, 0, fn);
+	p.res->ski = x509_get_ski(*x509, fn);
+	if (p.res->aia == NULL || p.res->aki == NULL || p.res->ski == NULL) {
+		warnx("%s: RFC 6487 section 4.8: "
+		    "missing AIA, AKI or SKI X509 extension", fn);
 		gbr_free(p.res);
 		X509_free(*x509);
 		*x509 = NULL;
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 195b99345a1..cd815e9fe8d 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mft.c,v 1.31 2021/03/28 16:22:17 job Exp $ */
+/*	$OpenBSD: mft.c,v 1.32 2021/03/29 06:50:44 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -432,9 +432,15 @@ mft_parse(X509 **x509, const char *fn)
 		err(1, NULL);
 	if ((p.res->file = strdup(fn)) == NULL)
 		err(1, NULL);
-	if (!x509_get_extensions(*x509, fn, &p.res->aia, &p.res->aki,
-	    &p.res->ski))
+
+	p.res->aia = x509_get_aia(*x509, fn);
+	p.res->aki = x509_get_aki(*x509, 0, fn);
+	p.res->ski = x509_get_ski(*x509, fn);
+	if (p.res->aia == NULL || p.res->aki == NULL || p.res->ski == NULL) {
+		warnx("%s: RFC 6487 section 4.8: "
+		    "missing AIA, AKI or SKI X509 extension", fn);
 		goto out;
+	}
 
 	/*
 	 * If we're stale, then remove all of the files that the MFT
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 953a7da38cf..f9e34f0fe2a 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: roa.c,v 1.16 2021/03/27 18:12:15 job Exp $ */
+/*	$OpenBSD: roa.c,v 1.17 2021/03/29 06:50:44 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -348,9 +348,16 @@ roa_parse(X509 **x509, const char *fn)
 
 	if ((p.res = calloc(1, sizeof(struct roa))) == NULL)
 		err(1, NULL);
-	if (!x509_get_extensions(*x509, fn, &p.res->aia, &p.res->aki,
-	    &p.res->ski))
+
+	p.res->aia = x509_get_aia(*x509, fn);
+	p.res->aki = x509_get_aki(*x509, 0, fn);
+	p.res->ski = x509_get_ski(*x509, fn);
+	if (p.res->aia == NULL || p.res->aki == NULL || p.res->ski == NULL) {
+		warnx("%s: RFC 6487 section 4.8: "
+		    "missing AIA, AKI or SKI X509 extension", fn);
 		goto out;
+	}
+
 	if (!roa_parse_econtent(cms, cmsz, &p))
 		goto out;
 
diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 10fb1c6f135..c5c812c49e5 100644
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.18 2021/03/29 04:00:38 tb Exp $ */
+/*	$OpenBSD: x509.c,v 1.19 2021/03/29 06:50:44 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -199,33 +199,6 @@ out:
 	return aia;
 }
 
-/*
- * Wraps around x509_get_aia, x509_get_aki, and x509_get_ski.
- * Returns zero on failure (out pointers are NULL) or non-zero on
- * success (out pointers must be freed).
- */
-int
-x509_get_extensions(X509 *x, const char *fn, char **aia, char **aki, char **ski)
-{
-	*aia = *aki = *ski = NULL;
-
-	*aia = x509_get_aia(x, fn);
-	*aki = x509_get_aki(x, 0, fn);
-	*ski = x509_get_ski(x, fn);
-
-	if (*aia == NULL || *aki == NULL || *ski == NULL) {
-		warnx("%s: RFC 6487 section 4.8: "
-		    "missing AIA, AKI or SKI X509 extension", fn);
-		free(*aia);
-		free(*aki);
-		free(*ski);
-		*aia = *aki = *ski = NULL;
-		return 0;
-	}
-
-	return 1;
-}
-
 /*
  * Parse the very specific subset of information in the CRL distribution
  * point extension.
-- 
2.20.1