From b0c57f0545cee375fdb23addf33f34dd8085f939 Mon Sep 17 00:00:00 2001 From: Theo Buehler Date: Sat, 26 Nov 2022 12:36:20 +0000 Subject: Split eContent extration into a small helper job didn't like jumping over a bunch of code, so handle this via a small helper. It's not as if cms_parse_validate_internal() could not do with a bit of splitting in general. ok job
---
 usr.sbin/rpki-client/cms.c | 59 ++++++++++++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 26 deletions(-)
diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index 6e0b334e326..f4adecf5c20 100644
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.22 2022/11/26 12:02:36 job Exp $ */
+/* $OpenBSD: cms.c,v 1.23 2022/11/26 12:36:19 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -33,6 +33,36 @@ extern ASN1_OBJECT *msg_dgst_oid;
 extern ASN1_OBJECT *sign_time_oid;
 extern ASN1_OBJECT *bin_sign_time_oid;
+static int
+cms_extract_econtent(const char *fn, CMS_ContentInfo *cms, unsigned char **res,
+ size_t *rsz)
+{
+ ASN1_OCTET_STRING **os = NULL;
+
+ /* Detached signature case: no eContent to extract, so do nothing. */
+ if (res == NULL || rsz == NULL)
+ return 1;
+
+ if ((os = CMS_get0_content(cms)) == NULL || *os == NULL) {
+ warnx("%s: RFC 6488 section 2.1.4: "
+ "eContent: zero-length content", fn);
+ return 0;
+ }
+
+ /*
+ * Extract and duplicate the eContent.
+ * The CMS framework offers us no other way of easily managing
+ * this information; and since we're going to d2i it anyway,
+ * simply pass it as the desired underlying types.
+ */
+ if ((*res = malloc((*os)->length)) == NULL)
+ err(1, NULL);
+ memcpy(*res, (*os)->data, (*os)->length);
+ *rsz = (*os)->length;
+
+ return 1;
+}
+
 static int
 cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 size_t derlen, const ASN1_OBJECT *oid, BIO *bio, unsigned char **res,
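Review bot: The check in cms_extract_econtent() rejects only a missing eContent (`os == NULL || *os == NULL`), although the warning it prints says "zero-length content"; an OCTET STRING that is present but empty still reaches `malloc((*os)->length)` and the helper returns 1 with `*rsz == 0`. malloc(0) is implementation-defined and may return NULL, which would turn a malformed object into `err(1, NULL)` rather than a warning and a clean rejection. Since the RFC 6488 objects parsed here presumably come from remote repositories, I would reject the empty case at the same check: `if ((os = CMS_get0_content(cms)) == NULL || *os == NULL || (*os)->length <= 0) {`. The behaviour is carried over unchanged from the removed lines, so it is not a regression of this commit.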
@@ -40,7 +70,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 {
 char buf[128], obuf[128];
 const ASN1_OBJECT *obj, *octype;
- ASN1_OCTET_STRING **os = NULL, *kid = NULL;
+ ASN1_OCTET_STRING *kid = NULL;
 CMS_ContentInfo *cms;
 STACK_OF(X509) *certs = NULL;
 STACK_OF(X509_CRL) *crls;
@@ -238,31 +268,8 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
 goto out;
 }
- /*
- * In the detached sig case: there won't be eContent to extract, so
- * jump to out.
- */
- if (res == NULL) {
- rc = 1;
+ if (!cms_extract_econtent(fn, cms, res, rsz))
 goto out;
- }
-
- if ((os = CMS_get0_content(cms)) == NULL || *os == NULL) {
- warnx("%s: RFC 6488 section 2.1.4: "
- "eContent: zero-length content", fn);
- goto out;
- }
-
- /*
- * Extract and duplicate the eContent.
- * The CMS framework offers us no other way of easily managing
- * this information; and since we're going to d2i it anyway,
- * simply pass it as the desired underlying types.
- */
- if ((*res = malloc((*os)->length)) == NULL)
- err(1, NULL);
- memcpy(*res, (*os)->data, (*os)->length);
- *rsz = (*os)->length;
 rc = 1;
 out:
-- cgit v1.2.3
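Review bot: A call that passes a non-NULL `res` together with a NULL `rsz` now ends in `rc = 1` without `*res` ever being written, because the detached-signature test moved into the helper as `res == NULL || rsz == NULL`, whereas the removed code tested only `res`. The callers are not visible in this hunk, so this may never occur in practice, but a silent success on an inconsistent argument pair in a validation path is hard to notice later. I would keep the no-op as `if (res == NULL && rsz == NULL) return 1;` in the helper and fail loudly on a mismatch, e.g. `if (res == NULL || rsz == NULL) errx(1, "%s: res/rsz mismatch", fn);`. cms_parse_validate_internal() starts and ends outside this hunk.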