crypto/x509/v3_addr.c: fix style nits reported by check-format.pl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from #18668)
DDvO committed Jul 19, 2022
1 parent 6097eb2 commit 30d398a
Showing 1 changed file with 57 additions and 34 deletions.
91 changes: 57 additions & 34 deletions crypto/x509/v3_addr.c
Expand Up @@ -33,28 +33,28 @@
*/

ASN1_SEQUENCE(IPAddressRange) = {
ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(IPAddressRange)

ASN1_CHOICE(IPAddressOrRange) = {
ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange)
ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange)
} ASN1_CHOICE_END(IPAddressOrRange)

ASN1_CHOICE(IPAddressChoice) = {
ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL),
ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL),
ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
} ASN1_CHOICE_END(IPAddressChoice)

ASN1_SEQUENCE(IPAddressFamily) = {
ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING),
ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING),
ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
} ASN1_SEQUENCE_END(IPAddressFamily)

ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
IPAddrBlocks, IPAddressFamily)
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
IPAddrBlocks, IPAddressFamily)
static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)

IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
Expand All @@ -65,7 +65,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
/*
* How much buffer space do we need for a raw address?
*/
#define ADDR_RAW_BUF_LEN 16
# define ADDR_RAW_BUF_LEN 16

/*
* What's the address length associated with this AFI?
Expand Down Expand Up @@ -109,6 +109,7 @@ static int addr_expand(unsigned char *addr,
memcpy(addr, bs->data, bs->length);
if ((bs->flags & 7) != 0) {
unsigned char mask = 0xFF >> (8 - (bs->flags & 7));

if (fill == 0)
addr[bs->length - 1] &= ~mask;
else
Expand All @@ -122,7 +123,7 @@ static int addr_expand(unsigned char *addr,
/*
* Extract the prefix length from a bitstring.
*/
#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
# define addr_prefixlen(bs) ((int)((bs)->length * 8 - ((bs)->flags & 7)))

/*
* i2r handler for one address bitstring.
Expand Down Expand Up @@ -173,8 +174,10 @@ static int i2r_IPAddressOrRanges(BIO *out,
const unsigned afi)
{
int i;

for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);

BIO_printf(out, "%*s", indent, "");
switch (aor->type) {
case IPAddressOrRange_addressPrefix:
Expand Down Expand Up @@ -203,9 +206,11 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
{
const IPAddrBlocks *addr = ext;
int i;

for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
const unsigned int afi = X509v3_addr_get_afi(f);

switch (afi) {
case IANA_AFI_IPV4:
BIO_printf(out, "%*sIPv4", indent, "");
Expand Down Expand Up @@ -407,9 +412,8 @@ static int make_addressPrefix(IPAddressOrRange **result,
goto err;
if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
goto err;
if (bitlen > 0) {
if (bitlen > 0)
aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
}
ossl_asn1_string_set_bits_left(aor->u.addressPrefix, 8 - bitlen);

*result = aor;
Expand Down Expand Up @@ -457,6 +461,7 @@ static int make_addressRange(IPAddressOrRange **result,
if (i > 0) {
unsigned char b = min[i - 1];
int j = 1;

while ((b & (0xFFU >> j)) != 0)
++j;
aor->u.addressRange->min->flags |= 8 - j;
Expand All @@ -469,6 +474,7 @@ static int make_addressRange(IPAddressOrRange **result,
if (i > 0) {
unsigned char b = max[i - 1];
int j = 1;

while ((b & (0xFFU >> j)) != (0xFFU >> j))
++j;
aor->u.addressRange->max->flags |= 8 - j;
Expand Down Expand Up @@ -537,6 +543,7 @@ int X509v3_addr_add_inherit(IPAddrBlocks *addr,
const unsigned afi, const unsigned *safi)
{
IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);

if (f == NULL ||
f->ipAddressChoice == NULL ||
(f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
Expand Down Expand Up @@ -596,6 +603,7 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr,
{
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;

if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
return 0;
if (sk_IPAddressOrRange_push(aors, aor))
Expand All @@ -615,6 +623,7 @@ int X509v3_addr_add_range(IPAddrBlocks *addr,
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;
int length = length_from_afi(afi);

if (aors == NULL)
return 0;
if (!make_addressRange(&aor, min, max, length))
Expand Down Expand Up @@ -653,6 +662,7 @@ int X509v3_addr_get_range(IPAddressOrRange *aor,
unsigned char *max, const int length)
{
int afi_length = length_from_afi(afi);

if (aor == NULL || min == NULL || max == NULL ||
afi_length == 0 || length < afi_length ||
(aor->type != IPAddressOrRange_addressPrefix &&
Expand Down Expand Up @@ -680,6 +690,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
int len = ((a->length <= b->length) ? a->length : b->length);
int cmp = memcmp(a->data, b->data, len);

return cmp ? cmp : a->length - b->length;
}

Expand All @@ -705,6 +716,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr)
for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);

if (IPAddressFamily_cmp(&a, &b) >= 0)
return 0;
}
Expand Down Expand Up @@ -776,6 +788,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr)
j = sk_IPAddressOrRange_num(aors) - 1;
{
IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);

if (a != NULL && a->type == IPAddressOrRange_addressRange) {
if (!extract_min_max(a, a_min, a_max, length))
return 0;
Expand Down Expand Up @@ -838,6 +851,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
if (memcmp(a_max, b_min, length) == 0) {
IPAddressOrRange *merged;

if (!make_addressRange(&merged, a_min, b_max, length))
return 0;
(void)sk_IPAddressOrRange_set(aors, i, merged);
Expand All @@ -855,8 +869,10 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
j = sk_IPAddressOrRange_num(aors) - 1;
{
IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);

if (a != NULL && a->type == IPAddressOrRange_addressRange) {
unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];

if (!extract_min_max(a, a_min, a_max, length))
return 0;
if (memcmp(a_min, a_max, length) > 0)
Expand All @@ -873,8 +889,10 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
int X509v3_addr_canonize(IPAddrBlocks *addr)
{
int i;

for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);

if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
!IPAddressOrRanges_canonize(f->ipAddressChoice->
u.addressesOrRanges,
Expand Down Expand Up @@ -1076,10 +1094,12 @@ const X509V3_EXT_METHOD ossl_v3_addr = {
int X509v3_addr_inherits(IPAddrBlocks *addr)
{
int i;

if (addr == NULL)
return 0;
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);

if (f->ipAddressChoice->type == IPAddressChoice_inherit)
return 1;
}
Expand Down Expand Up @@ -1129,6 +1149,7 @@ static int addr_contains(IPAddressOrRanges *parent,
int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
{
int i;

if (a == NULL || a == b)
return 1;
if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
Expand All @@ -1137,8 +1158,8 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
int j = sk_IPAddressFamily_find(b, fa);
IPAddressFamily *fb;
fb = sk_IPAddressFamily_value(b, j);
IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);

if (fb == NULL)
return 0;
if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
Expand All @@ -1152,19 +1173,19 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/*
* Validation error handling via callback.
*/
#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
ctx->error_depth = i; \
ctx->current_cert = x; \
ret = ctx->verify_cb(0, ctx); \
} else { \
ret = 0; \
} \
if (!ret) \
goto done; \
} while (0)
# define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
ctx->error_depth = i; \
ctx->current_cert = x; \
ret = ctx->verify_cb(0, ctx); \
} else { \
ret = 0; \
} \
if (!ret) \
goto done; \
} while (0)

/*
* Core code for RFC 3779 2.3 path validation.
Expand Down Expand Up @@ -1226,6 +1247,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
if (x->rfc3779_addr == NULL) {
for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);

if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
break;
Expand All @@ -1240,6 +1262,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
IPAddressFamily *fp =
sk_IPAddressFamily_value(x->rfc3779_addr, k);

if (fp == NULL) {
if (fc->ipAddressChoice->type ==
IPAddressChoice_addressesOrRanges) {
Expand All @@ -1266,8 +1289,8 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
*/
if (x->rfc3779_addr != NULL) {
for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
IPAddressFamily *fp =
sk_IPAddressFamily_value(x->rfc3779_addr, j);
IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);

if (fp->ipAddressChoice->type == IPAddressChoice_inherit
&& sk_IPAddressFamily_find(child, fp) >= 0)
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
Expand All @@ -1279,7 +1302,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}

#undef validation_err
# undef validation_err

/*
* RFC 3779 2.3 path validation -- called from X509_verify_cert().
Expand All @@ -1300,7 +1323,7 @@ int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
* Test whether chain covers extension.
*/
int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance)
IPAddrBlocks *ext, int allow_inheritance)
{
if (ext == NULL)
return 1;
Expand All @@ -1311,4 +1334,4 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return addr_validate_path_internal(NULL, chain, ext);
}

#endif /* OPENSSL_NO_RFC3779 */
#endif /* OPENSSL_NO_RFC3779 */
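Review bot: In X509v3_addr_subset the merged initializer `IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);` takes `j` straight from `sk_IPAddressFamily_find(b, fa)`, so the case where `b` has no entry for the family is caught only by the following `if (fb == NULL)`, that is, by the stack accessor returning NULL for a negative index. The same find-then-value pairing appears in addr_validate_path_internal with `k` and `fp`. Both sites decide whether a child's RFC 3779 address resources are covered, so I would add a comment above the initializer, for example `/* j is -1 if b lacks this family; sk_IPAddressFamily_value() then returns NULL */`, so that a later refactor does not start using `j` as an index elsewhere. Both function bodies extend beyond the visible hunks, so this is based only on the lines shown.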
