From patchwork Sat Feb 4 00:43:22 2023
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 3045
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 3 Feb 2023 19:43:22 -0500
Message-Id: <20230204004322.250210-1-selva.nair@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230128223421.2207802-5-selva.nair@gmail.com>
References: <20230128223421.2207802-5-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v2 4/4] cryptoapi.c: simplify parsing of thumbprint hex string

From: Selva Nair

v2: Moved the "parse_hexstring" chunk to a function for clarity
and to permit unit-testing. A test is submitted as a follow up patch.

Signed-off-by: Selva Nair
Acked-by: Gert Doering
---
 src/openvpn/cryptoapi.c | 77 ++++++++++++++++++++---------------------
 1 file changed, 37 insertions(+), 40 deletions(-)

diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c index eafef1b1..136c6ffc 100644 --- a/src/openvpn/cryptoapi.c 
+++ b/src/openvpn/cryptoapi.c @@ -180,6 +180,39 @@ err: return NULL; } +/** + * Parse a hex string with optional embedded spaces into + * a byte array. + * @param p pointer to the input string + * @param arr on output contains the parsed bytes + * @param capacity capacity of the byte array arr + * @returns the number of bytes parsed or 0 on error + */ +int +parse_hexstring(const char *p, unsigned char *arr, size_t capacity) +{ + int i = 0; + for ( ; *p && i < capacity; p += 2) + { + /* skip spaces */ + while (*p == ' ') + { + p++; + } + if (!*p) /* ending with spaces is not an error */ + { + break; + } + + if (!isxdigit(p[0]) || !isxdigit(p[1]) + || sscanf(p, "%2hhx", &arr[i++]) != 1) + { + return 0; + } + } + return i; +} + static const CERT_CONTEXT * find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store) { 
@@ -210,51 +243,15 @@ find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store) } else if (!strncmp(cert_prop, "THUMB:", 6)) { - const char *p; - int i, x = 0; find_type = CERT_FIND_HASH; find_param = &blob; - /* skip the tag */ - cert_prop += 6; - for (p = cert_prop, i = 0; *p && i < sizeof(hash); i++) + blob.cbData = parse_hexstring(cert_prop + 6, hash, sizeof(hash)); + if (blob.cbData == 0) { - if (*p >= '0' && *p <= '9') - { - x = (*p - '0') << 4; - } - else if (*p >= 'A' && *p <= 'F') - { - x = (*p - 'A' + 10) << 4; - } - else if (*p >= 'a' && *p <= 'f') - { - x = (*p - 'a' + 10) << 4; - } - if (!*++p) /* unexpected end of string */ - { - msg(M_WARN|M_INFO, "WARNING: cryptoapicert: error parsing .", cert_prop); - goto out; - } - if (*p >= '0' && *p <= '9') - { - x += *p - '0'; - } - else if (*p >= 'A' && *p <= 'F') - { - x += *p - 'A' + 10; - } - else if (*p >= 'a' && *p <= 'f') - { - x += *p - 'a' + 10; - } - hash[i] = x; - /* skip any space(s) between hex numbers */ - for (p++; *p && *p == ' '; p++) - { - } + msg(M_WARN|M_INFO, "WARNING: cryptoapicert: error parsing <%s>.", cert_prop); + goto out; } - blob.cbData = i; } else {
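
Review bot: in the first hunk (parse_hexstring), the loop condition `*p && i < capacity` stops quietly once arr is full, so input carrying more hex digits than capacity bytes is truncated and returned as a successful parse instead of being rejected. For a certificate thumbprint it would be safer to return 0 when non-space input remains after the last byte that fits. Two smaller points in the same function: `isxdigit(p[0])` and `isxdigit(p[1])` are called on a plain char, which should be cast to unsigned char first, and `int i` is compared against `size_t capacity`, so a size_t counter (or an explicit cast) would avoid the signed/unsigned comparison. The doc comment could also say that an empty or all-space string returns 0, the same value as an error.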
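
Review bot: in the second hunk, `if (blob.cbData == 0)` rejects only a failed or empty parse, so a THUMB: value that parses to fewer bytes than intended is still passed on through `find_param = &blob` and the user only sees that no certificate matched. A warning when the parsed length is not the expected hash length would make a mistyped thumbprint much easier to diagnose. The commit message should also mention the behaviour change: the removed loop had no branch that rejected non-hex characters and only failed on an unexpected end of string, while the new call fails on any non-hex character, so this is more than a simplification.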