authorRob Austein <sra@hactrn.net>2006-09-15 14:15:21 +0000
committerRob Austein <sra@hactrn.net>2006-09-15 14:15:21 +0000
commit2f7f2a81f8ecbdd6458cc6d1254d694f4fc10bc9 (patch)
tree0cc67344770ed2cbde98b52c18a49b0ed042ef8f /openssl
parentf46eeb4f581d8f24a7d2b728a878d549a55942b2 (diff)
API cleanups prior to handing code to OpenSSL project.
svn path=/openssl/README; revision=273
Diffstat (limited to 'openssl')
-rw-r--r--openssl/README37
-rw-r--r--openssl/trunk/crypto/x509v3/v3_addr.c67
-rw-r--r--openssl/trunk/crypto/x509v3/v3_asid.c53
-rw-r--r--openssl/trunk/crypto/x509v3/x509v3.h28
4 files changed, 120 insertions, 65 deletions
diff --git a/openssl/README b/openssl/README
index cb4c2e02..1304adea 100644
--- a/openssl/README
+++ b/openssl/README
@@ -410,42 +410,31 @@ Final code cleanups before submitting patch to OpenSSL project.
Candidates: constructors:
- - asid_add_id_or_range() [might need jacket or rewrite]
+ - asid_add_id_or_range() [minor rewrite, done]
- - asid_add_inherit() [might need jacket or rewrite]
+ - asid_add_inherit() [minor rewrite, done]
- - addr_add_range()
+ - addr_add_range() [rename, done]
- - addr_add_prefix()
+ - addr_add_prefix() [rename, done]
- - addr_add_inherit()
+ - addr_add_inherit() [rename, done]
Candidates: manipulation of obscure ASN.1 encodings (v3_addr.c)
- - extract_min_max() [might need rewrite]
+ - afi_from_addressfamily() [renamed, now public]
- - addr_expand() [might need rewrite]
+ - extract_min_max() [v3_addr_get_range()]
- - addr_prefixlen() [would need to be a function]
+ - addr_expand() [v3_addr_get_range()]
- - afi_from_addressfamily()
+ - addr_prefixlen() [v3_addr_get_range()]
- - length_from_afi()
+ - length_from_afi() [v3_addr_get_range()]
- I'm not really happy with the number of candidates in the latter
- category, but I haven't figured out any saner way to deal with the
- fancy ASN.1 encoding. Callers really should not have to understand
- the RFC 3779 mappings between IP addresses and ASN.1 bitstrings.
- Perhaps all of this can be collapsed into a single function like:
-
- int v3_addr_extract(IPAddrBlocks *,
- IPAddressFamily *,
- IPAddressOrRange *,
- unsigned char *min,
- unsigned char *max,
- unsigned length); /* length of min and max */
-
- which returns zero on error, else returned length of min and max.
+ v3_addr_get_range() is a new public function that encapsulates
+ several of the private functions, by hiding some details and
+ wrapping a lot of error checking around extract_min_max().
- Need patch against OpenSSL HEAD as well as 0.9.8 branch. Figure out
how to do that, or ask Ben for help.
diff --git a/openssl/trunk/crypto/x509v3/v3_addr.c b/openssl/trunk/crypto/x509v3/v3_addr.c
index d78e1967..c752f027 100644
--- a/openssl/trunk/crypto/x509v3/v3_addr.c
+++ b/openssl/trunk/crypto/x509v3/v3_addr.c
@@ -127,7 +127,7 @@ static int length_from_afi(const unsigned afi)
/*
* Extract the AFI from an IPAddressFamily.
*/
-static unsigned afi_from_addressfamily(const IPAddressFamily *f)
+unsigned v3_addr_get_afi(const IPAddressFamily *f)
{
return ((f != NULL &&
f->addressFamily != NULL &&
@@ -242,7 +242,7 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
int i;
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- const unsigned afi = afi_from_addressfamily(f);
+ const unsigned afi = v3_addr_get_afi(f);
switch (afi) {
case IANA_AFI_IPV4:
BIO_printf(out, "%*sIPv4", indent, "");
@@ -549,9 +549,9 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
/*
* Add an inheritance element.
*/
-static int addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi)
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi)
{
IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
if (f == NULL ||
@@ -606,11 +606,11 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
/*
* Add a prefix.
*/
-static int addr_add_prefix(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi,
- unsigned char *a,
- const int prefixlen)
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi,
+ unsigned char *a,
+ const int prefixlen)
{
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;
@@ -625,11 +625,11 @@ static int addr_add_prefix(IPAddrBlocks *addr,
/*
* Add a range.
*/
-static int addr_add_range(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi,
- unsigned char *min,
- unsigned char *max)
+int v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi,
+ unsigned char *min,
+ unsigned char *max)
{
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;
@@ -666,6 +666,25 @@ static void extract_min_max(IPAddressOrRange *aor,
}
/*
+ * Public wrapper for extract_min_max().
+ */
+int v3_addr_get_range(IPAddressOrRange *aor,
+ const unsigned afi,
+ unsigned char *min,
+ unsigned char *max,
+ const int length)
+{
+ int afi_length = length_from_afi(afi);
+ if (aor == NULL || min == NULL || max == NULL ||
+ afi_length == 0 || length < afi_length ||
+ (aor->type != IPAddressOrRange_addressPrefix &&
+ aor->type != IPAddressOrRange_addressRange))
+ return 0;
+ extract_min_max(aor, min, max, afi_length);
+ return afi_length;
+}
+
+/*
* Sort comparision function for a sequence of IPAddressFamily.
*
* The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
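Review bot: The comment `Public wrapper for extract_min_max().` on the new v3_addr_get_range() leaves out the contract a public caller actually needs: that min and max must each hold at least length bytes, that the return value is the number of bytes written (the address length for afi) and 0 on any rejected input, and that aor carries no AFI of its own, so afi must be the value v3_addr_get_afi() gives for the IPAddressFamily aor came from — a mismatch cannot be detected here and would presumably produce min/max of the wrong width. I would replace the one-liner with a block making those three points, opening with `Copy the lowest and highest addresses covered by aor into min and max; returns the number of bytes written, or 0 on error.`. extract_min_max() itself is outside the hunk, so whether it bounds its reads by the bit string's actual length cannot be checked from here.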
@@ -680,7 +699,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
{
const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
- int len = (( a->length <= b->length) ? a->length : b->length);
+ int len = ((a->length <= b->length) ? a->length : b->length);
int cmp = memcmp(a->data, b->data, len);
return cmp ? cmp : a->length - b->length;
}
@@ -716,7 +735,7 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
*/
for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- int length = length_from_afi(afi_from_addressfamily(f));
+ int length = length_from_afi(v3_addr_get_afi(f));
/*
* Inheritance is canonical. Anything other than inheritance or
@@ -854,7 +873,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
!IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
- afi_from_addressfamily(f)))
+ v3_addr_get_afi(f)))
return 0;
}
sk_IPAddressFamily_sort(addr);
@@ -941,7 +960,7 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
* optimize this (seldom-used) case.
*/
if (!strcmp(s, "inherit")) {
- if (!addr_add_inherit(addr, afi, safi)) {
+ if (!v3_addr_add_inherit(addr, afi, safi)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
X509V3_conf_err(val);
goto err;
@@ -970,7 +989,7 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
X509V3_conf_err(val);
goto err;
}
- if (!addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+ if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -988,13 +1007,13 @@ static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
X509V3_conf_err(val);
goto err;
}
- if (!addr_add_range(addr, afi, safi, min, max)) {
+ if (!v3_addr_add_range(addr, afi, safi, min, max)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
goto err;
}
break;
case '\0':
- if (!addr_add_prefix(addr, afi, safi, min, length * 8)) {
+ if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -1108,7 +1127,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
fa->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(afi_from_addressfamily(fb))))
+ length_from_afi(v3_addr_get_afi(fb))))
return 0;
}
return 1;
@@ -1204,7 +1223,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
fc->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(afi_from_addressfamily(fc))))
+ length_from_afi(v3_addr_get_afi(fc))))
sk_IPAddressFamily_set(child, j, fp);
else
validation_err(X509_V_ERR_UNNESTED_RESOURCE);
diff --git a/openssl/trunk/crypto/x509v3/v3_asid.c b/openssl/trunk/crypto/x509v3/v3_asid.c
index a989ed64..86272250 100644
--- a/openssl/trunk/crypto/x509v3/v3_asid.c
+++ b/openssl/trunk/crypto/x509v3/v3_asid.c
@@ -195,15 +195,23 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
}
/*
- * Some of the following helper routines might want to become globals
- * eventually.
+ * Add an inherit element.
*/
-
-/*
- * Add an inherit element to an ASIdentifierChoice.
- */
-static int asid_add_inherit(ASIdentifierChoice **choice)
+int v3_asid_add_inherit(ASIdentifiers *asid, int which)
{
+ ASIdentifierChoice **choice;
+ if (asid == NULL)
+ return 0;
+ switch (which) {
+ case V3_ASID_ASNUM:
+ choice = &asid->asnum;
+ break;
+ case V3_ASID_RDI:
+ choice = &asid->rdi;
+ break;
+ default:
+ return 0;
+ }
if (*choice == NULL) {
if ((*choice = ASIdentifierChoice_new()) == NULL)
return 0;
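Review bot: The `switch (which)` that maps V3_ASID_ASNUM/V3_ASID_RDI to `&asid->asnum`/`&asid->rdi` in v3_asid_add_inherit() is repeated verbatim in v3_asid_add_id_or_range() in the next hunk; a small static helper would keep the two in step if a further tag or validity check is ever added. The body of v3_asid_add_inherit() continues outside the hunk. The new comment `Add an inherit element.` could also say which element and what the return means, e.g. `Add an inherit element to the asnum or rdi member of asid, selected by which (V3_ASID_ASNUM or V3_ASID_RDI); returns 0 on a NULL asid, an unknown which, or allocation failure.`
```c
/* Map a V3_ASID_* tag to the matching member of asid; NULL on bad input. */
static ASIdentifierChoice **asid_choice(ASIdentifiers *asid, int which)
{
  if (asid == NULL)
    return NULL;
  switch (which) {
  case V3_ASID_ASNUM:
    return &asid->asnum;
  case V3_ASID_RDI:
    return &asid->rdi;
  default:
    return NULL;
  }
}

int v3_asid_add_inherit(ASIdentifiers *asid, int which)
{
  ASIdentifierChoice **choice = asid_choice(asid, which);
  if (choice == NULL)
    return 0;
  /* … unchanged: allocate *choice if needed and set inherit … */
```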
@@ -218,11 +226,25 @@ static int asid_add_inherit(ASIdentifierChoice **choice)
/*
* Add an ID or range to an ASIdentifierChoice.
*/
-static int asid_add_id_or_range(ASIdentifierChoice **choice,
- ASN1_INTEGER *min,
- ASN1_INTEGER *max)
+int v3_asid_add_id_or_range(ASIdentifiers *asid,
+ int which,
+ ASN1_INTEGER *min,
+ ASN1_INTEGER *max)
{
+ ASIdentifierChoice **choice;
ASIdOrRange *aor;
+ if (asid == NULL)
+ return 0;
+ switch (which) {
+ case V3_ASID_ASNUM:
+ choice = &asid->asnum;
+ break;
+ case V3_ASID_RDI:
+ choice = &asid->rdi;
+ break;
+ default:
+ return 0;
+ }
if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
return 0;
if (*choice == NULL) {
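Review bot: The comment above v3_asid_add_id_or_range(), `Add an ID or range to an ASIdentifierChoice.`, is now stale: the function takes an ASIdentifiers plus a V3_ASID_* selector, not an ASIdentifierChoice. I would change it to `Add an ID or range to the asnum or rdi member of asid, selected by which (V3_ASID_ASNUM or V3_ASID_RDI).` and state what happens to min and max on success — the caller in v2i_ASIdentifiers() frees them only on failure, which suggests ownership passes to the choice on success, but the lines that would confirm that are outside the hunk. The function's body continues past the hunk.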
@@ -487,17 +509,16 @@ static void *v2i_ASIdentifiers(struct v3_ext_method *method,
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
- ASIdentifierChoice **choice;
ASN1_INTEGER *min = NULL, *max = NULL;
- int i1, i2, i3, is_range;
+ int i1, i2, i3, is_range, which;
/*
* Figure out whether this is an AS or an RDI.
*/
if ( !name_cmp(val->name, "AS")) {
- choice = &asid->asnum;
+ which = V3_ASID_ASNUM;
} else if (!name_cmp(val->name, "RDI")) {
- choice = &asid->rdi;
+ which = V3_ASID_RDI;
} else {
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
X509V3_conf_err(val);
@@ -508,7 +529,7 @@ static void *v2i_ASIdentifiers(struct v3_ext_method *method,
* Handle inheritance.
*/
if (!strcmp(val->value, "inherit")) {
- if (asid_add_inherit(choice))
+ if (v3_asid_add_inherit(asid, which))
continue;
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
X509V3_conf_err(val);
@@ -564,7 +585,7 @@ static void *v2i_ASIdentifiers(struct v3_ext_method *method,
goto err;
}
}
- if (!asid_add_id_or_range(choice, min, max)) {
+ if (!v3_asid_add_id_or_range(asid, which, min, max)) {
ASN1_INTEGER_free(min);
ASN1_INTEGER_free(max);
X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
diff --git a/openssl/trunk/crypto/x509v3/x509v3.h b/openssl/trunk/crypto/x509v3/x509v3.h
index 289fbc27..456b4f7a 100644
--- a/openssl/trunk/crypto/x509v3/x509v3.h
+++ b/openssl/trunk/crypto/x509v3/x509v3.h
@@ -710,16 +710,42 @@ DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+#define V3_ASID_ASNUM 0
+#define V3_ASID_RDI 1
+
+/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
* handling code totally generic, but there are too many little things
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
-
#define IANA_AFI_IPV4 1
#define IANA_AFI_IPV6 2
/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+ ASN1_INTEGER *min, ASN1_INTEGER *max);
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi);
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *a, const int prefixlen);
+int v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *min, unsigned char *max);
+unsigned v3_addr_get_afi(const IPAddressFamily *f);
+int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+ unsigned char *min, unsigned char *max,
+ const int length);
+
+/*
* Canonical forms.
*/
int v3_asid_is_canonical(ASIdentifiers *asid);
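Review bot: The new prototypes are the public face of these routines, yet the header says nothing about their return conventions or buffer requirements — in particular that v3_addr_get_range() returns the number of bytes written to min and max (0 on error) and needs each buffer to hold at least length bytes, and that the v3_asid_* calls return 0 for a which other than V3_ASID_ASNUM/V3_ASID_RDI. A short Doxygen-style comment per prototype, or at least on v3_addr_get_range() and v3_asid_add_id_or_range() (min/max ownership), would let callers use them without reading v3_addr.c and v3_asid.c. The added comment `API tag for elements of the ASIdentifer SEQUENCE.` misspells ASIdentifier.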