Download raw body.
rpki-client: unify proc_parser_foo a bit
There is a bit more variety in here than I would like. The below makes
them look more alike. The initialization of x509 and its resetting to
NULL before the successful exit aren't strictly necessary, but I prefer
being explicit here.
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
diff -u -p -r1.141 parser.c
--- parser.c 12 Jun 2024 10:03:09 -0000 1.141
+++ parser.c 13 Jun 2024 03:33:29 -0000
@@ -165,36 +165,38 @@ static struct roa *
proc_parser_roa(char *file, const unsigned char *der, size_t len,
const struct entity *entp)
{
- struct roa *roa;
+ struct roa *roa = NULL;
+ X509 *x509 = NULL;
struct auth *a;
struct crl *crl;
- X509 *x509;
const char *errstr;
if ((roa = roa_parse(&x509, file, entp->talid, der, len)) == NULL)
- return NULL;
+ goto out;
a = find_issuer(file, entp->certid, roa->aki, entp->mftaki);
- if (a == NULL) {
- X509_free(x509);
- roa_free(roa);
- return NULL;
- }
+ if (a == NULL)
+ goto out;
crl = crl_get(&crlt, a);
if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
warnx("%s: %s", file, errstr);
- X509_free(x509);
- roa_free(roa);
- return NULL;
+ goto out;
}
X509_free(x509);
+ x509 = NULL;
roa->talid = a->cert->talid;
roa->expires = x509_find_expires(roa->notafter, a, &crlt);
return roa;
+
+ out:
+ roa_free(roa);
+ X509_free(x509);
+
+ return NULL;
}
/*
@@ -205,36 +207,38 @@ static struct spl *
proc_parser_spl(char *file, const unsigned char *der, size_t len,
const struct entity *entp)
{
- struct spl *spl;
+ struct spl *spl = NULL;
+ X509 *x509 = NULL;
struct auth *a;
struct crl *crl;
- X509 *x509;
const char *errstr;
if ((spl = spl_parse(&x509, file, entp->talid, der, len)) == NULL)
- return NULL;
+ goto out;
a = find_issuer(file, entp->certid, spl->aki, entp->mftaki);
- if (a == NULL) {
- X509_free(x509);
- spl_free(spl);
- return NULL;
- }
+ if (a == NULL)
+ goto out;
crl = crl_get(&crlt, a);
if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
warnx("%s: %s", file, errstr);
- X509_free(x509);
- spl_free(spl);
- return NULL;
+ goto out;
}
X509_free(x509);
+ x509 = NULL;
spl->talid = a->cert->talid;
spl->expires = x509_find_expires(spl->notafter, a, &crlt);
return spl;
+
+ out:
+ spl_free(spl);
+ X509_free(x509);
+
+ return NULL;
}
/*
@@ -546,7 +550,7 @@ static struct cert *
proc_parser_cert(char *file, const unsigned char *der, size_t len,
const struct entity *entp)
{
- struct cert *cert;
+ struct cert *cert = NULL;
struct crl *crl;
struct auth *a;
const char *errstr = NULL;
@@ -556,30 +560,25 @@ proc_parser_cert(char *file, const unsig
cert = cert_parse_pre(file, der, len);
cert = cert_parse(file, cert);
if (cert == NULL)
- return NULL;
+ goto out;
a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
- if (a == NULL) {
- cert_free(cert);
- return NULL;
- }
+ if (a == NULL)
+ goto out;
crl = crl_get(&crlt, a);
if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr) ||
!valid_cert(file, a, cert)) {
if (errstr != NULL)
warnx("%s: %s", file, errstr);
- cert_free(cert);
- return NULL;
+ goto out;
}
cert->talid = a->cert->talid;
if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
- if (!constraints_validate(file, cert)) {
- cert_free(cert);
- return NULL;
- }
+ if (!constraints_validate(file, cert))
+ goto out;
}
/*
@@ -589,6 +588,11 @@ proc_parser_cert(char *file, const unsig
auth_insert(file, &auths, cert, a);
return cert;
+
+ out:
+ cert_free(cert);
+
+ return NULL;
}
static int
@@ -695,34 +699,36 @@ static struct gbr *
proc_parser_gbr(char *file, const unsigned char *der, size_t len,
const struct entity *entp)
{
- struct gbr *gbr;
- X509 *x509;
+ struct gbr *gbr = NULL;
+ X509 *x509 = NULL;
struct crl *crl;
struct auth *a;
const char *errstr;
if ((gbr = gbr_parse(&x509, file, entp->talid, der, len)) == NULL)
- return NULL;
+ goto out;
a = find_issuer(file, entp->certid, gbr->aki, entp->mftaki);
- if (a == NULL) {
- X509_free(x509);
- gbr_free(gbr);
- return NULL;
- }
+ if (a == NULL)
+ goto out;
crl = crl_get(&crlt, a);
if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
warnx("%s: %s", file, errstr);
- X509_free(x509);
- gbr_free(gbr);
- return NULL;
+ goto out;
}
X509_free(x509);
+ x509 = NULL;
gbr->talid = a->cert->talid;
return gbr;
+
+ out:
+ gbr_free(gbr);
+ X509_free(x509);
+
+ return NULL;
}
/*
@@ -732,36 +738,38 @@ static struct aspa *
proc_parser_aspa(char *file, const unsigned char *der, size_t len,
const struct entity *entp)
{
- struct aspa *aspa;
+ struct aspa *aspa = NULL;
+ X509 *x509 = NULL;
struct auth *a;
struct crl *crl;
- X509 *x509;
const char *errstr;
if ((aspa = aspa_parse(&x509, file, entp->talid, der, len)) == NULL)
- return NULL;
+ goto out;
a = find_issuer(file, entp->certid, aspa->aki, entp->mftaki);
- if (a == NULL) {
- X509_free(x509);
- aspa_free(aspa);
- return NULL;
- }
+ if (a == NULL)
+ goto out;
crl = crl_get(&crlt, a);
if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
warnx("%s: %s", file, errstr);
- X509_free(x509);
- aspa_free(aspa);
- return NULL;
+ goto out;
}
X509_free(x509);
+ x509 = NULL;
aspa->talid = a->cert->talid;
aspa->expires = x509_find_expires(aspa->notafter, a, &crlt);
return aspa;
+
+ out:
+ aspa_free(aspa);
+ X509_free(x509);
+
+ return NULL;
}
/*
@@ -771,15 +779,14 @@ static struct tak *
proc_parser_tak(char *file, const unsigned char *der, size_t len,
const struct entity *entp)
{
- struct tak *tak;
- X509 *x509;
+ struct tak *tak = NULL;
+ X509 *x509 = NULL;
struct crl *crl;
struct auth *a;
const char *errstr;
- int rc = 0;
if ((tak = tak_parse(&x509, file, entp->talid, der, len)) == NULL)
- return NULL;
+ goto out;
a = find_issuer(file, entp->certid, tak->aki, entp->mftaki);
if (a == NULL)
@@ -790,20 +797,22 @@ proc_parser_tak(char *file, const unsign
warnx("%s: %s", file, errstr);
goto out;
}
+ X509_free(x509);
+ x509 = NULL;
/* TAK EE must be signed by self-signed CA */
if (a->issuer != NULL)
goto out;
tak->talid = a->cert->talid;
- rc = 1;
+
+ return tak;
+
out:
- if (rc == 0) {
- tak_free(tak);
- tak = NULL;
- }
+ tak_free(tak);
X509_free(x509);
- return tak;
+
+ return NULL;
}
/*
rpki-client: unify proc_parser_foo a bit