sync with OpenBSD -current

purplerain 2024-02-17 21:37:04 +00:00
parent 329362e59c
commit 22b00c65ca
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
13 changed files with 259 additions and 275 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: bio_lib.c,v 1.48 2023/08/07 10:58:56 tb Exp $ */
/* $OpenBSD: bio_lib.c,v 1.51 2024/02/17 14:29:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -134,82 +134,72 @@ LCRYPTO_ALIAS(BIO_get_new_index);
BIO *
BIO_new(const BIO_METHOD *method)
{
BIO *ret = NULL;
BIO *bio = NULL;
/* XXX calloc */
ret = malloc(sizeof(BIO));
if (ret == NULL) {
if ((bio = calloc(1, sizeof(BIO))) == NULL) {
BIOerror(ERR_R_MALLOC_FAILURE);
return (NULL);
return NULL;
}
if (!BIO_set(ret, method)) {
free(ret);
ret = NULL;
bio->method = method;
bio->shutdown = 1;
bio->references = 1;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
if (method->create != NULL) {
if (!method->create(bio)) {
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
&bio->ex_data);
free(bio);
return NULL;
}
}
return (ret);
return bio;
}
LCRYPTO_ALIAS(BIO_new);
int
BIO_set(BIO *bio, const BIO_METHOD *method)
{
bio->method = method;
bio->callback = NULL;
bio->callback_ex = NULL;
bio->cb_arg = NULL;
bio->init = 0;
bio->shutdown = 1;
bio->flags = 0;
bio->retry_reason = 0;
bio->num = 0;
bio->ptr = NULL;
bio->prev_bio = NULL;
bio->next_bio = NULL;
bio->references = 1;
bio->num_read = 0L;
bio->num_write = 0L;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
if (method->create != NULL) {
if (!method->create(bio)) {
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
&bio->ex_data);
return (0);
}
}
return (1);
BIOerror(ERR_R_DISABLED);
return 0;
}
LCRYPTO_ALIAS(BIO_set);
int
BIO_free(BIO *a)
BIO_free(BIO *bio)
{
int ret;
if (a == NULL)
return (0);
if (bio == NULL)
return 0;
if (CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO) > 0)
return (1);
if (CRYPTO_add(&bio->references, -1, CRYPTO_LOCK_BIO) > 0)
return 1;
if (a->callback != NULL || a->callback_ex != NULL) {
if ((ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0,
if (bio->callback != NULL || bio->callback_ex != NULL) {
if ((ret = (int)bio_call_callback(bio, BIO_CB_FREE, NULL, 0, 0,
0L, 1L, NULL)) <= 0)
return (ret);
return ret;
}
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
if (a->method != NULL && a->method->destroy != NULL)
a->method->destroy(a);
free(a);
return (1);
if (bio->method != NULL && bio->method->destroy != NULL)
bio->method->destroy(bio);
free(bio);
return 1;
}
LCRYPTO_ALIAS(BIO_free);
void
BIO_vfree(BIO *a)
BIO_vfree(BIO *bio)
{
BIO_free(a);
BIO_free(bio);
}
LCRYPTO_ALIAS(BIO_vfree);
@ -222,121 +212,121 @@ BIO_up_ref(BIO *bio)
LCRYPTO_ALIAS(BIO_up_ref);
void *
BIO_get_data(BIO *a)
BIO_get_data(BIO *bio)
{
return (a->ptr);
return bio->ptr;
}
LCRYPTO_ALIAS(BIO_get_data);
void
BIO_set_data(BIO *a, void *ptr)
BIO_set_data(BIO *bio, void *ptr)
{
a->ptr = ptr;
bio->ptr = ptr;
}
LCRYPTO_ALIAS(BIO_set_data);
int
BIO_get_init(BIO *a)
BIO_get_init(BIO *bio)
{
return a->init;
return bio->init;
}
LCRYPTO_ALIAS(BIO_get_init);
void
BIO_set_init(BIO *a, int init)
BIO_set_init(BIO *bio, int init)
{
a->init = init;
bio->init = init;
}
LCRYPTO_ALIAS(BIO_set_init);
int
BIO_get_shutdown(BIO *a)
BIO_get_shutdown(BIO *bio)
{
return (a->shutdown);
return bio->shutdown;
}
LCRYPTO_ALIAS(BIO_get_shutdown);
void
BIO_set_shutdown(BIO *a, int shut)
BIO_set_shutdown(BIO *bio, int shut)
{
a->shutdown = shut;
bio->shutdown = shut;
}
LCRYPTO_ALIAS(BIO_set_shutdown);
void
BIO_clear_flags(BIO *b, int flags)
BIO_clear_flags(BIO *bio, int flags)
{
b->flags &= ~flags;
bio->flags &= ~flags;
}
LCRYPTO_ALIAS(BIO_clear_flags);
int
BIO_test_flags(const BIO *b, int flags)
BIO_test_flags(const BIO *bio, int flags)
{
return (b->flags & flags);
return (bio->flags & flags);
}
LCRYPTO_ALIAS(BIO_test_flags);
void
BIO_set_flags(BIO *b, int flags)
BIO_set_flags(BIO *bio, int flags)
{
b->flags |= flags;
bio->flags |= flags;
}
LCRYPTO_ALIAS(BIO_set_flags);
BIO_callback_fn
BIO_get_callback(const BIO *b)
BIO_get_callback(const BIO *bio)
{
return b->callback;
return bio->callback;
}
LCRYPTO_ALIAS(BIO_get_callback);
void
BIO_set_callback(BIO *b, BIO_callback_fn cb)
BIO_set_callback(BIO *bio, BIO_callback_fn cb)
{
b->callback = cb;
bio->callback = cb;
}
LCRYPTO_ALIAS(BIO_set_callback);
BIO_callback_fn_ex
BIO_get_callback_ex(const BIO *b)
BIO_get_callback_ex(const BIO *bio)
{
return b->callback_ex;
return bio->callback_ex;
}
LCRYPTO_ALIAS(BIO_get_callback_ex);
void
BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb)
BIO_set_callback_ex(BIO *bio, BIO_callback_fn_ex cb)
{
b->callback_ex = cb;
bio->callback_ex = cb;
}
LCRYPTO_ALIAS(BIO_set_callback_ex);
void
BIO_set_callback_arg(BIO *b, char *arg)
BIO_set_callback_arg(BIO *bio, char *arg)
{
b->cb_arg = arg;
bio->cb_arg = arg;
}
LCRYPTO_ALIAS(BIO_set_callback_arg);
char *
BIO_get_callback_arg(const BIO *b)
BIO_get_callback_arg(const BIO *bio)
{
return b->cb_arg;
return bio->cb_arg;
}
LCRYPTO_ALIAS(BIO_get_callback_arg);
const char *
BIO_method_name(const BIO *b)
BIO_method_name(const BIO *bio)
{
return b->method->name;
return bio->method->name;
}
LCRYPTO_ALIAS(BIO_method_name);
int
BIO_method_type(const BIO *b)
BIO_method_type(const BIO *bio)
{
return b->method->type;
return bio->method->type;
}
LCRYPTO_ALIAS(BIO_method_type);
@ -544,37 +534,37 @@ BIO_gets(BIO *b, char *in, int inl)
LCRYPTO_ALIAS(BIO_gets);
int
BIO_indent(BIO *b, int indent, int max)
BIO_indent(BIO *bio, int indent, int max)
{
if (indent > max)
indent = max;
if (indent <= 0)
return 1;
if (BIO_printf(b, "%*s", indent, "") <= 0)
if (BIO_printf(bio, "%*s", indent, "") <= 0)
return 0;
return 1;
}
LCRYPTO_ALIAS(BIO_indent);
long
BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
BIO_int_ctrl(BIO *bio, int cmd, long larg, int iarg)
{
int i;
i = iarg;
return (BIO_ctrl(b, cmd, larg, (char *)&i));
return BIO_ctrl(bio, cmd, larg, (char *)&i);
}
LCRYPTO_ALIAS(BIO_int_ctrl);
char *
BIO_ptr_ctrl(BIO *b, int cmd, long larg)
BIO_ptr_ctrl(BIO *bio, int cmd, long larg)
{
char *p = NULL;
if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
return (NULL);
if (BIO_ctrl(bio, cmd, larg, (char *)&p) <= 0)
return NULL;
else
return (p);
return p;
}
LCRYPTO_ALIAS(BIO_ptr_ctrl);
@ -730,7 +720,7 @@ LCRYPTO_ALIAS(BIO_get_retry_BIO);
int
BIO_get_retry_reason(BIO *bio)
{
return (bio->retry_reason);
return bio->retry_reason;
}
LCRYPTO_ALIAS(BIO_get_retry_reason);
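Review bot: In the rewritten BIO_new(), `method` is dereferenced at `method->create` with no NULL check, and the int result of `CRYPTO_new_ex_data()` is discarded, so a failed ex_data setup still returns a BIO that looks valid to the caller. I would reject a NULL method before the allocation, `if (method == NULL) { BIOerror(ERR_R_PASSED_NULL_PARAMETER); return NULL; }`, and handle a zero return from `CRYPTO_new_ex_data()` the way the `create` failure path is handled (free the BIO and return NULL). Both gaps look inherited from the old BIO_set() body rather than introduced here. The page interleaves old and new lines without markers, so that reading is inferred from the `ret` to `bio` rename.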


@ -1,4 +1,4 @@
/* $OpenBSD: rkrng.c,v 1.5 2023/04/14 01:11:32 dlg Exp $ */
/* $OpenBSD: rkrng.c,v 1.6 2024/02/17 13:29:25 kettenis Exp $ */
/*
* Copyright (c) 2020 Mark Kettenis <kettenis@openbsd.org>
*
@ -124,6 +124,9 @@ rkrng_match(struct device *parent, void *match, void *aux)
struct fdt_attach_args *faa = aux;
return OF_is_compatible(faa->fa_node, "rockchip,cryptov1-rng") ||
OF_is_compatible(faa->fa_node, "rockchip,rk3288-crypto") ||
OF_is_compatible(faa->fa_node, "rockchip,rk3328-crypto") ||
OF_is_compatible(faa->fa_node, "rockchip,rk3399-crypto") ||
OF_is_compatible(faa->fa_node, "rockchip,cryptov2-rng");
}
@ -133,7 +136,10 @@ rkrng_attach(struct device *parent, struct device *self, void *aux)
struct rkrng_softc *sc = (struct rkrng_softc *)self;
struct fdt_attach_args *faa = aux;
if (OF_is_compatible(faa->fa_node, "rockchip,cryptov1-rng"))
if (OF_is_compatible(faa->fa_node, "rockchip,cryptov1-rng") ||
OF_is_compatible(faa->fa_node, "rockchip,rk3288-crypto") ||
OF_is_compatible(faa->fa_node, "rockchip,rk3328-crypto") ||
OF_is_compatible(faa->fa_node, "rockchip,rk3399-crypto"))
sc->sc_v = &rkrnv_v1;
else if (OF_is_compatible(faa->fa_node, "rockchip,cryptov2-rng"))
sc->sc_v = &rkrnv_v2;
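Review bot: The compatible strings are now spelled out twice, once in rkrng_match() and again in rkrng_attach(), and the two lists have to be kept in step by hand. The attach chain visible here ends on an `else if`; unless a final `else` follows outside the hunk, a node that rkrng_match() accepts but that neither branch names would leave `sc->sc_v` unset in this RNG driver. A single table mapping each compatible string to `rkrnv_v1` or `rkrnv_v2`, consulted by both functions, would remove that risk; at minimum add `/* keep in sync with rkrng_match() */` above the chain. rkrng_attach() continues beyond the lines shown.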


@ -32,7 +32,7 @@ POSSIBILITY OF SUCH DAMAGE.
***************************************************************************/
/* $FreeBSD: if_em.h,v 1.26 2004/09/01 23:22:41 pdeuskar Exp $ */
/* $OpenBSD: if_em.h,v 1.82 2024/01/28 18:42:58 mglocker Exp $ */
/* $OpenBSD: if_em.h,v 1.83 2024/02/16 22:30:54 mglocker Exp $ */
#ifndef _EM_H_DEFINED_
#define _EM_H_DEFINED_
@ -55,11 +55,14 @@ POSSIBILITY OF SUCH DAMAGE.
#include <net/if.h>
#include <net/if_media.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/if_ether.h>
#include <netinet/tcp.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/udp.h>
#if NBPFILTER > 0
@ -269,6 +272,7 @@ typedef int boolean_t;
#define EM_MAX_SCATTER 64
#define EM_TSO_SIZE 65535
#define EM_TSO_SEG_SIZE 4096 /* Max dma segment size */
struct em_packet {
int pkt_eop; /* Index of the desc to watch */


@ -1,4 +1,4 @@
/* $OpenBSD: if_iwn.c,v 1.260 2022/06/19 18:27:06 stsp Exp $ */
/* $OpenBSD: if_iwn.c,v 1.261 2024/02/16 11:44:52 stsp Exp $ */
/*-
* Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr>
@ -5359,7 +5359,7 @@ iwn_scan(struct iwn_softc *sc, uint16_t flags, int bgscan)
* The current mode might have been fixed during association.
* Ensure all channels get scanned.
*/
if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO)
if (IFM_SUBTYPE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO)
ieee80211_setmode(ic, IEEE80211_MODE_AUTO);
sc->sc_flags |= IWN_FLAG_SCANNING;


@ -1,4 +1,4 @@
/* $OpenBSD: if_iwx.c,v 1.180 2023/12/30 16:55:44 stsp Exp $ */
/* $OpenBSD: if_iwx.c,v 1.181 2024/02/16 11:44:52 stsp Exp $ */
/*
* Copyright (c) 2014, 2016 genua gmbh <info@genua.de>
@ -7529,7 +7529,7 @@ iwx_scan(struct iwx_softc *sc)
* The current mode might have been fixed during association.
* Ensure all channels get scanned.
*/
if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO)
if (IFM_SUBTYPE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO)
ieee80211_setmode(ic, IEEE80211_MODE_AUTO);
sc->sc_flags |= IWX_FLAG_SCANNING;


@ -1,4 +1,4 @@
/* $OpenBSD: aspa.c,v 1.26 2024/02/13 22:44:21 job Exp $ */
/* $OpenBSD: aspa.c,v 1.27 2024/02/16 15:13:49 tb Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -132,11 +132,11 @@ static int
aspa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
const unsigned char *oder;
ASProviderAttestation *aspa;
ASProviderAttestation *aspa_asn1;
int rc = 0;
oder = d;
if ((aspa = d2i_ASProviderAttestation(NULL, &d, dsz)) == NULL) {
if ((aspa_asn1 = d2i_ASProviderAttestation(NULL, &d, dsz)) == NULL) {
warnx("%s: ASPA: failed to parse ASProviderAttestation", p->fn);
goto out;
}
@ -146,20 +146,20 @@ aspa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (!valid_econtent_version(p->fn, aspa->version, 1))
if (!valid_econtent_version(p->fn, aspa_asn1->version, 1))
goto out;
if (!as_id_parse(aspa->customerASID, &p->res->custasid)) {
if (!as_id_parse(aspa_asn1->customerASID, &p->res->custasid)) {
warnx("%s: malformed CustomerASID", p->fn);
goto out;
}
if (!aspa_parse_providers(p, aspa->providers))
if (!aspa_parse_providers(p, aspa_asn1->providers))
goto out;
rc = 1;
out:
ASProviderAttestation_free(aspa);
ASProviderAttestation_free(aspa_asn1);
return rc;
}


@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.125 2024/02/04 07:43:27 tb Exp $ */
/* $OpenBSD: cert.c,v 1.127 2024/02/16 14:48:47 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
@ -29,14 +29,6 @@
#include "extern.h"
/*
* A parsing sequence of a file (which may just be <stdin>).
*/
struct parse {
struct cert *res; /* result */
const char *fn; /* currently-parsed file */
};
extern ASN1_OBJECT *certpol_oid; /* id-cp-ipAddr-asNumber cert policy */
extern ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
extern ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
@ -245,25 +237,24 @@ sbgp_parse_assysnum(const char *fn, const ASIdentifiers *asidentifiers,
* Returns zero on failure, non-zero on success.
*/
static int
sbgp_assysnum(struct parse *p, X509_EXTENSION *ext)
sbgp_assysnum(const char *fn, struct cert *cert, X509_EXTENSION *ext)
{
ASIdentifiers *asidentifiers = NULL;
int rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"extension not critical", p->fn);
"extension not critical", fn);
goto out;
}
if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) {
warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"failed extension parse", p->fn);
"failed extension parse", fn);
goto out;
}
if (!sbgp_parse_assysnum(p->fn, asidentifiers,
&p->res->as, &p->res->asz))
if (!sbgp_parse_assysnum(fn, asidentifiers, &cert->as, &cert->asz))
goto out;
rc = 1;
@ -409,7 +400,7 @@ sbgp_parse_ipaddrblk(const char *fn, const IPAddrBlocks *addrblk,
goto out;
}
switch(afi) {
switch (afi) {
case AFI_IPV4:
if (ipv4_seen++ > 0) {
warnx("%s: RFC 6487 section 4.8.10: "
@ -470,28 +461,28 @@ sbgp_parse_ipaddrblk(const char *fn, const IPAddrBlocks *addrblk,
* Returns zero on failure, non-zero on success.
*/
static int
sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext)
sbgp_ipaddrblk(const char *fn, struct cert *cert, X509_EXTENSION *ext)
{
IPAddrBlocks *addrblk = NULL;
int rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"extension not critical", p->fn);
"extension not critical", fn);
goto out;
}
if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) {
warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"failed extension parse", p->fn);
"failed extension parse", fn);
goto out;
}
if (!sbgp_parse_ipaddrblk(p->fn, addrblk, &p->res->ips, &p->res->ipsz))
if (!sbgp_parse_ipaddrblk(fn, addrblk, &cert->ips, &cert->ipsz))
goto out;
if (p->res->ipsz == 0) {
warnx("%s: RFC 6487 section 4.8.10: empty ipAddrBlock", p->fn);
if (cert->ipsz == 0) {
warnx("%s: RFC 6487 section 4.8.10: empty ipAddrBlock", fn);
goto out;
}
@ -506,7 +497,7 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext)
* Returns zero on failure, non-zero on success.
*/
static int
sbgp_sia(struct parse *p, X509_EXTENSION *ext)
sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext)
{
AUTHORITY_INFO_ACCESS *sia = NULL;
ACCESS_DESCRIPTION *ad;
@ -516,13 +507,13 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext)
if (X509_EXTENSION_get_critical(ext)) {
warnx("%s: RFC 6487 section 4.8.8: SIA: "
"extension not non-critical", p->fn);
"extension not non-critical", fn);
goto out;
}
if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse",
p->fn);
fn);
goto out;
}
@ -532,48 +523,46 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext)
oid = ad->method;
if (OBJ_cmp(oid, carepo_oid) == 0) {
if (!x509_location(p->fn, "SIA: caRepository",
"rsync://", ad->location, &p->res->repo))
if (!x509_location(fn, "SIA: caRepository",
"rsync://", ad->location, &cert->repo))
goto out;
} else if (OBJ_cmp(oid, manifest_oid) == 0) {
if (!x509_location(p->fn, "SIA: rpkiManifest",
"rsync://", ad->location, &p->res->mft))
if (!x509_location(fn, "SIA: rpkiManifest",
"rsync://", ad->location, &cert->mft))
goto out;
} else if (OBJ_cmp(oid, notify_oid) == 0) {
if (!x509_location(p->fn, "SIA: rpkiNotify",
"https://", ad->location, &p->res->notify))
if (!x509_location(fn, "SIA: rpkiNotify",
"https://", ad->location, &cert->notify))
goto out;
}
}
if (p->res->mft == NULL || p->res->repo == NULL) {
if (cert->mft == NULL || cert->repo == NULL) {
warnx("%s: RFC 6487 section 4.8.8: SIA: missing caRepository "
"or rpkiManifest", p->fn);
"or rpkiManifest", fn);
goto out;
}
mftfilename = strrchr(p->res->mft, '/');
mftfilename = strrchr(cert->mft, '/');
if (mftfilename == NULL) {
warnx("%s: SIA: invalid rpkiManifest entry", p->fn);
warnx("%s: SIA: invalid rpkiManifest entry", fn);
goto out;
}
mftfilename++;
if (!valid_filename(mftfilename, strlen(mftfilename))) {
warnx("%s: SIA: rpkiManifest filename contains invalid "
"characters", p->fn);
"characters", fn);
goto out;
}
if (strstr(p->res->mft, p->res->repo) != p->res->mft) {
if (strstr(cert->mft, cert->repo) != cert->mft) {
warnx("%s: RFC 6487 section 4.8.8: SIA: "
"conflicting URIs for caRepository and rpkiManifest",
p->fn);
"conflicting URIs for caRepository and rpkiManifest", fn);
goto out;
}
if (rtype_from_file_extension(p->res->mft) != RTYPE_MFT) {
warnx("%s: RFC 6487 section 4.8.8: SIA: "
"not an MFT file", p->fn);
if (rtype_from_file_extension(cert->mft) != RTYPE_MFT) {
warnx("%s: RFC 6487 section 4.8.8: SIA: not an MFT file", fn);
goto out;
}
@ -588,7 +577,7 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext)
* Returns zero on failure, non-zero on success.
*/
static int
certificate_policies(struct parse *p, X509_EXTENSION *ext)
certificate_policies(const char *fn, struct cert *cert, X509_EXTENSION *ext)
{
STACK_OF(POLICYINFO) *policies = NULL;
POLICYINFO *policy;
@ -599,20 +588,19 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
if (!X509_EXTENSION_get_critical(ext)) {
warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"extension not critical", p->fn);
"extension not critical", fn);
goto out;
}
if ((policies = X509V3_EXT_d2i(ext)) == NULL) {
warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"failed extension parse", p->fn);
"failed extension parse", fn);
goto out;
}
if (sk_POLICYINFO_num(policies) != 1) {
warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"want 1 policy, got %d", p->fn,
sk_POLICYINFO_num(policies));
"want 1 policy, got %d", fn, sk_POLICYINFO_num(policies));
goto out;
}
@ -625,7 +613,7 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
OBJ_obj2txt(pbuf, sizeof(pbuf), policy->policyid, 1);
OBJ_obj2txt(cbuf, sizeof(cbuf), certpol_oid, 1);
warnx("%s: RFC 7318 section 2: certificatePolicies: "
"unexpected OID: %s, want %s", p->fn, pbuf, cbuf);
"unexpected OID: %s, want %s", fn, pbuf, cbuf);
goto out;
}
@ -637,7 +625,7 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
if (sk_POLICYQUALINFO_num(qualifiers) != 1) {
warnx("%s: RFC 7318 section 2: certificatePolicies: "
"want 1 policy qualifier, got %d", p->fn,
"want 1 policy qualifier, got %d", fn,
sk_POLICYQUALINFO_num(qualifiers));
goto out;
}
@ -647,12 +635,12 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
if ((nid = OBJ_obj2nid(qualifier->pqualid)) != NID_id_qt_cps) {
warnx("%s: RFC 7318 section 2: certificatePolicies: "
"want CPS, got %s", p->fn, nid2str(nid));
"want CPS, got %s", fn, nid2str(nid));
goto out;
}
if (verbose > 1 && !filemode)
warnx("%s: CPS %.*s", p->fn, qualifier->d.cpsuri->length,
warnx("%s: CPS %.*s", fn, qualifier->d.cpsuri->length,
qualifier->d.cpsuri->data);
rc = 1;
@ -669,13 +657,11 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
struct cert *
cert_parse_ee_cert(const char *fn, int talid, X509 *x)
{
struct parse p;
struct cert *cert;
X509_EXTENSION *ext;
int index;
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
if ((cert = calloc(1, sizeof(struct cert))) == NULL)
err(1, NULL);
if (X509_get_version(x) != 2) {
@ -700,13 +686,13 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
index = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1);
if ((ext = X509_get_ext(x, index)) != NULL) {
if (!sbgp_ipaddrblk(&p, ext))
if (!sbgp_ipaddrblk(fn, cert, ext))
goto out;
}
index = X509_get_ext_by_NID(x, NID_sbgp_autonomousSysNum, -1);
if ((ext = X509_get_ext(x, index)) != NULL) {
if (!sbgp_assysnum(&p, ext))
if (!sbgp_assysnum(fn, cert, ext))
goto out;
}
@ -715,16 +701,16 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
goto out;
}
p.res->x509 = x;
p.res->talid = talid;
cert->x509 = x;
cert->talid = talid;
if (!constraints_validate(fn, p.res))
if (!constraints_validate(fn, cert))
goto out;
return p.res;
return cert;
out:
cert_free(p.res);
cert_free(cert);
return NULL;
}
@ -736,6 +722,7 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
struct cert *
cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
{
struct cert *cert;
const unsigned char *oder;
size_t j;
int i, extsz;
@ -746,7 +733,6 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
const ASN1_OBJECT *cobj;
ASN1_OBJECT *obj;
EVP_PKEY *pkey;
struct parse p;
int nid, ip, as, sia, cp, crldp, aia, aki, ski,
eku, bc, ku;
@ -756,14 +742,12 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
if (der == NULL)
return NULL;
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
if ((cert = calloc(1, sizeof(struct cert))) == NULL)
err(1, NULL);
oder = der;
if ((x = d2i_X509(NULL, &der, len)) == NULL) {
warnx("%s: d2i_X509", p.fn);
warnx("%s: d2i_X509", fn);
goto out;
}
if (der != oder + len) {
@ -773,7 +757,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
/* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(x, -1, -1) <= 0) {
warnx("%s: could not cache X509v3 extensions", p.fn);
warnx("%s: could not cache X509v3 extensions", fn);
goto out;
}
@ -784,7 +768,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
X509_get0_signature(NULL, &palg, x);
if (palg == NULL) {
warnx("%s: X509_get0_signature", p.fn);
warnx("%s: X509_get0_signature", fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);
@ -805,7 +789,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
goto out;
}
if (!x509_valid_subject(p.fn, x))
if (!x509_valid_subject(fn, x))
goto out;
/* Look for X509v3 extensions. */
@ -824,25 +808,25 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
case NID_sbgp_ipAddrBlock:
if (ip++ > 0)
goto dup;
if (!sbgp_ipaddrblk(&p, ext))
if (!sbgp_ipaddrblk(fn, cert, ext))
goto out;
break;
case NID_sbgp_autonomousSysNum:
if (as++ > 0)
goto dup;
if (!sbgp_assysnum(&p, ext))
if (!sbgp_assysnum(fn, cert, ext))
goto out;
break;
case NID_sinfo_access:
if (sia++ > 0)
goto dup;
if (!sbgp_sia(&p, ext))
if (!sbgp_sia(fn, cert, ext))
goto out;
break;
case NID_certificate_policies:
if (cp++ > 0)
goto dup;
if (!certificate_policies(&p, ext))
if (!certificate_policies(fn, cert, ext))
goto out;
break;
case NID_crl_distribution_points:
@ -879,40 +863,40 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
char objn[64];
OBJ_obj2txt(objn, sizeof(objn), obj, 0);
warnx("%s: ignoring %s (NID %d)",
p.fn, objn, OBJ_obj2nid(obj));
fn, objn, OBJ_obj2nid(obj));
}
break;
}
}
if (!x509_get_aki(x, p.fn, &p.res->aki))
if (!x509_get_aki(x, fn, &cert->aki))
goto out;
if (!x509_get_ski(x, p.fn, &p.res->ski))
if (!x509_get_ski(x, fn, &cert->ski))
goto out;
if (!x509_get_aia(x, p.fn, &p.res->aia))
if (!x509_get_aia(x, fn, &cert->aia))
goto out;
if (!x509_get_crl(x, p.fn, &p.res->crl))
if (!x509_get_crl(x, fn, &cert->crl))
goto out;
if (!x509_get_notbefore(x, p.fn, &p.res->notbefore))
if (!x509_get_notbefore(x, fn, &cert->notbefore))
goto out;
if (!x509_get_notafter(x, p.fn, &p.res->notafter))
if (!x509_get_notafter(x, fn, &cert->notafter))
goto out;
p.res->purpose = x509_get_purpose(x, p.fn);
cert->purpose = x509_get_purpose(x, fn);
/* Validation on required fields. */
switch (p.res->purpose) {
switch (cert->purpose) {
case CERT_PURPOSE_CA:
if ((pkey = X509_get0_pubkey(x)) == NULL) {
warnx("%s: X509_get0_pubkey failed", p.fn);
warnx("%s: X509_get0_pubkey failed", fn);
goto out;
}
if (!valid_ca_pkey(p.fn, pkey))
if (!valid_ca_pkey(fn, pkey))
goto out;
if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) {
warnx("%s: RFC 6487 section 4.8.4: key usage violation",
p.fn);
fn);
goto out;
}
@ -923,57 +907,56 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
goto out;
}
if (p.res->mft == NULL) {
warnx("%s: RFC 6487 section 4.8.8: missing SIA", p.fn);
if (cert->mft == NULL) {
warnx("%s: RFC 6487 section 4.8.8: missing SIA", fn);
goto out;
}
if (p.res->asz == 0 && p.res->ipsz == 0) {
warnx("%s: missing IP or AS resources", p.fn);
if (cert->asz == 0 && cert->ipsz == 0) {
warnx("%s: missing IP or AS resources", fn);
goto out;
}
break;
case CERT_PURPOSE_BGPSEC_ROUTER:
p.res->pubkey = x509_get_pubkey(x, p.fn);
if (p.res->pubkey == NULL) {
warnx("%s: x509_get_pubkey failed", p.fn);
cert->pubkey = x509_get_pubkey(x, fn);
if (cert->pubkey == NULL) {
warnx("%s: x509_get_pubkey failed", fn);
goto out;
}
if (p.res->ipsz > 0) {
warnx("%s: unexpected IP resources in BGPsec cert",
p.fn);
if (cert->ipsz > 0) {
warnx("%s: unexpected IP resources in BGPsec cert", fn);
goto out;
}
for (j = 0; j < p.res->asz; j++) {
if (p.res->as[j].type == CERT_AS_INHERIT) {
for (j = 0; j < cert->asz; j++) {
if (cert->as[j].type == CERT_AS_INHERIT) {
warnx("%s: inherit elements not allowed in EE"
" cert", p.fn);
" cert", fn);
goto out;
}
}
if (sia) {
warnx("%s: unexpected SIA extension in BGPsec cert",
p.fn);
fn);
goto out;
}
break;
default:
warnx("%s: x509_get_purpose failed in %s", p.fn, __func__);
warnx("%s: x509_get_purpose failed in %s", fn, __func__);
goto out;
}
if (p.res->ski == NULL) {
warnx("%s: RFC 6487 section 8.4.2: missing SKI", p.fn);
if (cert->ski == NULL) {
warnx("%s: RFC 6487 section 8.4.2: missing SKI", fn);
goto out;
}
p.res->x509 = x;
return p.res;
cert->x509 = x;
return cert;
dup:
warnx("%s: RFC 5280 section 4.2: duplicate extension: %s", fn,
nid2str(nid));
out:
cert_free(p.res);
cert_free(cert);
X509_free(x);
return NULL;
}
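Review bot: In sbgp_sia() the check `strstr(cert->mft, cert->repo) != cert->mft` only proves that the caRepository URI is a string prefix of the rpkiManifest URI, not that the manifest sits directly in that directory. A manifest URI in a sibling path sharing the prefix, or several levels below the repository, is still accepted as consistent. Since `mftfilename` is already computed, the test can be tightened to `if (strncmp(cert->mft, cert->repo, strlen(cert->repo)) != 0 || cert->mft + strlen(cert->repo) != mftfilename)`, assuming caRepository is stored with its trailing `/` (not visible here, so confirm). This logic predates the commit, which only replaces `p->res` with `cert`, and sbgp_sia() is split across several hunks with parts not shown.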


@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.248 2024/02/03 14:30:47 job Exp $ */
/* $OpenBSD: main.c,v 1.249 2024/02/16 11:55:42 tb Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -130,7 +130,7 @@ time_t
get_current_time(void)
{
if (evaluation_time > X509_TIME_MIN)
return (time_t) evaluation_time;
return (time_t)evaluation_time;
return time(NULL);
}
@ -865,8 +865,8 @@ static void
check_fs_size(int fd, const char *cachedir)
{
struct statvfs fs;
const long long minsize = 500 * 1024 * 1024;
const long long minnode = 300 * 1000;
const long long minsize = 500 * 1024 * 1024;
const long long minnode = 300 * 1000;
if (fstatvfs(fd, &fs) == -1)
err(1, "statfs %s", cachedir);


@ -1,4 +1,4 @@
/* $OpenBSD: mft.c,v 1.108 2024/02/15 07:01:33 tb Exp $ */
/* $OpenBSD: mft.c,v 1.110 2024/02/16 15:18:08 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -185,7 +185,7 @@ rtype_from_mftfile(const char *fn)
static int
mft_parse_filehash(struct parse *p, const FileAndHash *fh)
{
char *fn = NULL;
char *file = NULL;
int rc = 0;
struct mftfile *fent;
enum rtype type;
@ -195,8 +195,8 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh)
warnx("%s: RFC 6486 section 4.2.2: bad filename", p->fn);
goto out;
}
fn = strndup(fh->file->data, fh->file->length);
if (fn == NULL)
file = strndup(fh->file->data, fh->file->length);
if (file == NULL)
err(1, NULL);
if (fh->hash->length != SHA256_DIGEST_LENGTH) {
@ -206,9 +206,9 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh)
goto out;
}
type = rtype_from_mftfile(fn);
type = rtype_from_mftfile(file);
/* remember the filehash for the CRL in struct mft */
if (type == RTYPE_CRL && strcmp(fn, p->res->crl) == 0) {
if (type == RTYPE_CRL && strcmp(file, p->res->crl) == 0) {
memcpy(p->res->crlhash, fh->hash->data, SHA256_DIGEST_LENGTH);
p->found_crl = 1;
}
@ -223,13 +223,13 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh)
}
fent->type = type;
fent->file = fn;
fn = NULL;
fent->file = file;
file = NULL;
memcpy(fent->hash, fh->hash->data, SHA256_DIGEST_LENGTH);
rc = 1;
out:
free(fn);
free(file);
return rc;
}
@ -311,12 +311,12 @@ static int
mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
const unsigned char *oder;
Manifest *mft;
Manifest *mft_asn1;
FileAndHash *fh;
int i, rc = 0;
oder = d;
if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) {
if ((mft_asn1 = d2i_Manifest(NULL, &d, dsz)) == NULL) {
warnx("%s: RFC 6486 section 4: failed to parse Manifest",
p->fn);
goto out;
@ -327,10 +327,10 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (!valid_econtent_version(p->fn, mft->version, 0))
if (!valid_econtent_version(p->fn, mft_asn1->version, 0))
goto out;
p->res->seqnum = x509_convert_seqnum(p->fn, mft->manifestNumber);
p->res->seqnum = x509_convert_seqnum(p->fn, mft_asn1->manifestNumber);
if (p->res->seqnum == NULL)
goto out;
@ -338,20 +338,20 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
* OpenSSL's DER decoder implementation will accept a GeneralizedTime
* which doesn't conform to RFC 5280. So, double check.
*/
if (ASN1_STRING_length(mft->thisUpdate) != GENTIME_LENGTH) {
if (ASN1_STRING_length(mft_asn1->thisUpdate) != GENTIME_LENGTH) {
warnx("%s: embedded from time format invalid", p->fn);
goto out;
}
if (ASN1_STRING_length(mft->nextUpdate) != GENTIME_LENGTH) {
if (ASN1_STRING_length(mft_asn1->nextUpdate) != GENTIME_LENGTH) {
warnx("%s: embedded until time format invalid", p->fn);
goto out;
}
if (!x509_get_time(mft->thisUpdate, &p->res->thisupdate)) {
if (!x509_get_time(mft_asn1->thisUpdate, &p->res->thisupdate)) {
warn("%s: parsing manifest thisUpdate failed", p->fn);
goto out;
}
if (!x509_get_time(mft->nextUpdate, &p->res->nextupdate)) {
if (!x509_get_time(mft_asn1->nextUpdate, &p->res->nextupdate)) {
warn("%s: parsing manifest nextUpdate failed", p->fn);
goto out;
}
@ -361,27 +361,28 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (OBJ_obj2nid(mft->fileHashAlg) != NID_sha256) {
if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
"want SHA256 object, have %s (NID %d)", p->fn,
ASN1_tag2str(OBJ_obj2nid(mft->fileHashAlg)),
OBJ_obj2nid(mft->fileHashAlg));
ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg)),
OBJ_obj2nid(mft_asn1->fileHashAlg));
goto out;
}
if (sk_FileAndHash_num(mft->fileList) >= MAX_MANIFEST_ENTRIES) {
if (sk_FileAndHash_num(mft_asn1->fileList) >= MAX_MANIFEST_ENTRIES) {
warnx("%s: %d exceeds manifest entry limit (%d)", p->fn,
sk_FileAndHash_num(mft->fileList), MAX_MANIFEST_ENTRIES);
sk_FileAndHash_num(mft_asn1->fileList),
MAX_MANIFEST_ENTRIES);
goto out;
}
p->res->files = calloc(sk_FileAndHash_num(mft->fileList),
p->res->files = calloc(sk_FileAndHash_num(mft_asn1->fileList),
sizeof(struct mftfile));
if (p->res->files == NULL)
err(1, NULL);
for (i = 0; i < sk_FileAndHash_num(mft->fileList); i++) {
fh = sk_FileAndHash_value(mft->fileList, i);
for (i = 0; i < sk_FileAndHash_num(mft_asn1->fileList); i++) {
fh = sk_FileAndHash_value(mft_asn1->fileList, i);
if (!mft_parse_filehash(p, fh))
goto out;
}
@ -391,12 +392,12 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (!mft_has_unique_names_and_hashes(p->fn, mft))
if (!mft_has_unique_names_and_hashes(p->fn, mft_asn1))
goto out;
rc = 1;
out:
Manifest_free(mft);
Manifest_free(mft_asn1);
return rc;
}


@ -1,4 +1,4 @@
/* $OpenBSD: roa.c,v 1.74 2024/02/13 22:44:21 job Exp $ */
/* $OpenBSD: roa.c,v 1.76 2024/02/16 15:13:49 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -106,7 +106,7 @@ static int
roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
const unsigned char *oder;
RouteOriginAttestation *roa;
RouteOriginAttestation *roa_asn1;
const ROAIPAddressFamily *addrfam;
const STACK_OF(ROAIPAddress) *addrs;
int addrsz, ipv4_seen = 0, ipv6_seen = 0;
@ -119,7 +119,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
int i, j, rc = 0;
oder = d;
if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
if ((roa_asn1 = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
warnx("%s: RFC 6482 section 3: failed to parse "
"RouteOriginAttestation", p->fn);
goto out;
@ -130,16 +130,16 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (!valid_econtent_version(p->fn, roa->version, 0))
if (!valid_econtent_version(p->fn, roa_asn1->version, 0))
goto out;
if (!as_id_parse(roa->asid, &p->res->asid)) {
if (!as_id_parse(roa_asn1->asid, &p->res->asid)) {
warnx("%s: RFC 6482 section 3.2: asID: "
"malformed AS identifier", p->fn);
goto out;
}
ipaddrblocksz = sk_ROAIPAddressFamily_num(roa->ipAddrBlocks);
ipaddrblocksz = sk_ROAIPAddressFamily_num(roa_asn1->ipAddrBlocks);
if (ipaddrblocksz != 1 && ipaddrblocksz != 2) {
warnx("%s: draft-rfc6482bis: unexpected number of ipAddrBlocks "
"(got %d, expected 1 or 2)", p->fn, ipaddrblocksz);
@ -147,7 +147,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
}
for (i = 0; i < ipaddrblocksz; i++) {
addrfam = sk_ROAIPAddressFamily_value(roa->ipAddrBlocks, i);
addrfam = sk_ROAIPAddressFamily_value(roa_asn1->ipAddrBlocks, i);
addrs = addrfam->addresses;
addrsz = sk_ROAIPAddress_num(addrs);
@ -157,7 +157,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
switch(afi) {
switch (afi) {
case AFI_IPV4:
if (ipv4_seen++ > 0) {
warnx("%s: RFC 6482bis section 4.3.2: "
@ -233,7 +233,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
rc = 1;
out:
RouteOriginAttestation_free(roa);
RouteOriginAttestation_free(roa_asn1);
return rc;
}

@ -1,4 +1,4 @@
/* $OpenBSD: rrdp.c,v 1.32 2023/06/23 11:36:24 claudio Exp $ */
/* $OpenBSD: rrdp.c,v 1.33 2024/02/16 11:46:57 tb Exp $ */
/*
* Copyright (c) 2020 Nils Fisher <nils_fisher@hotmail.com>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@ -463,7 +463,7 @@ rrdp_input_handler(int fd)
case RRDP_FILE:
s = rrdp_get(id);
if (s == NULL)
errx(1, "file, rrdp session %u does not exist", id);;
errx(1, "file, rrdp session %u does not exist", id);
if (ibuf_fd_avail(b))
errx(1, "received unexpected fd");
io_read_buf(b, &ok, sizeof(ok));

@ -1,4 +1,4 @@
/* $OpenBSD: rsc.c,v 1.31 2024/02/13 22:44:21 job Exp $ */
/* $OpenBSD: rsc.c,v 1.33 2024/02/16 15:19:02 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com>
@ -277,7 +277,7 @@ static int
rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList)
{
FileNameAndHash *fh;
ASN1_IA5STRING *fn;
ASN1_IA5STRING *fileName;
struct rscfile *file;
size_t sz, i;
@ -308,15 +308,15 @@ rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList)
}
memcpy(file->hash, fh->hash->data, SHA256_DIGEST_LENGTH);
if ((fn = fh->fileName) == NULL)
if ((fileName = fh->fileName) == NULL)
continue;
if (!valid_filename(fn->data, fn->length)) {
if (!valid_filename(fileName->data, fileName->length)) {
warnx("%s: RSC FileNameAndHash: bad filename", p->fn);
return 0;
}
file->filename = strndup(fn->data, fn->length);
file->filename = strndup(fileName->data, fileName->length);
if (file->filename == NULL)
err(1, NULL);
}
@ -333,7 +333,7 @@ static int
rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
const unsigned char *oder;
RpkiSignedChecklist *rsc;
RpkiSignedChecklist *rsc_asn1;
ResourceBlock *resources;
int rc = 0;
@ -342,7 +342,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
*/
oder = d;
if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
if ((rsc_asn1 = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn);
goto out;
}
@ -352,10 +352,10 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (!valid_econtent_version(p->fn, rsc->version, 0))
if (!valid_econtent_version(p->fn, rsc_asn1->version, 0))
goto out;
resources = rsc->resources;
resources = rsc_asn1->resources;
if (resources->asID == NULL && resources->ipAddrBlocks == NULL) {
warnx("%s: RSC: one of asID or ipAddrBlocks must be present",
p->fn);
@ -368,15 +368,15 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
if (!rsc_parse_iplist(p, resources->ipAddrBlocks))
goto out;
if (!rsc_check_digesttype(p, rsc->digestAlgorithm))
if (!rsc_check_digesttype(p, rsc_asn1->digestAlgorithm))
goto out;
if (!rsc_parse_checklist(p, rsc->checkList))
if (!rsc_parse_checklist(p, rsc_asn1->checkList))
goto out;
rc = 1;
out:
RpkiSignedChecklist_free(rsc);
RpkiSignedChecklist_free(rsc_asn1);
return rc;
}

@ -1,4 +1,4 @@
/* $OpenBSD: tak.c,v 1.17 2024/02/16 05:18:29 tb Exp $ */
/* $OpenBSD: tak.c,v 1.18 2024/02/16 15:13:49 tb Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@ -164,14 +164,14 @@ static int
tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
const unsigned char *oder;
TAK *tak;
TAK *tak_asn1;
const char *fn;
int rc = 0;
fn = p->fn;
oder = d;
if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) {
if ((tak_asn1 = d2i_TAK(NULL, &d, dsz)) == NULL) {
warnx("%s: failed to parse Trust Anchor Key", fn);
goto out;
}
@ -181,28 +181,28 @@ tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
if (!valid_econtent_version(fn, tak->version, 0))
if (!valid_econtent_version(fn, tak_asn1->version, 0))
goto out;
p->res->current = parse_takey(fn, tak->current);
p->res->current = parse_takey(fn, tak_asn1->current);
if (p->res->current == NULL)
goto out;
if (tak->predecessor != NULL) {
p->res->predecessor = parse_takey(fn, tak->predecessor);
if (tak_asn1->predecessor != NULL) {
p->res->predecessor = parse_takey(fn, tak_asn1->predecessor);
if (p->res->predecessor == NULL)
goto out;
}
if (tak->successor != NULL) {
p->res->successor = parse_takey(fn, tak->successor);
if (tak_asn1->successor != NULL) {
p->res->successor = parse_takey(fn, tak_asn1->successor);
if (p->res->successor == NULL)
goto out;
}
rc = 1;
out:
TAK_free(tak);
TAK_free(tak_asn1);
return rc;
}