diff --git a/lib/libcrypto/bio/bio_lib.c b/lib/libcrypto/bio/bio_lib.c
index b058af0ad..c90dd161f 100644
--- a/lib/libcrypto/bio/bio_lib.c
+++ b/lib/libcrypto/bio/bio_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.48 2023/08/07 10:58:56 tb Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.51 2024/02/17 14:29:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -134,82 +134,72 @@ LCRYPTO_ALIAS(BIO_get_new_index);
 BIO *
 BIO_new(const BIO_METHOD *method)
 {
- BIO *ret = NULL;
+ BIO *bio = NULL;
- /* XXX calloc */
- ret = malloc(sizeof(BIO));
- if (ret == NULL) {
+ if ((bio = calloc(1, sizeof(BIO))) == NULL) {
 BIOerror(ERR_R_MALLOC_FAILURE);
- return (NULL);
+ return NULL;
 }
- if (!BIO_set(ret, method)) {
- free(ret);
- ret = NULL;
+
+ bio->method = method;
+ bio->shutdown = 1;
+ bio->references = 1;
+
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+
+ if (method->create != NULL) {
+ if (!method->create(bio)) {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+ &bio->ex_data);
+ free(bio);
+ return NULL;
+ }
 }
- return (ret);
+
+ return bio;
 }
 LCRYPTO_ALIAS(BIO_new);
 int
 BIO_set(BIO *bio, const BIO_METHOD *method)
 {
- bio->method = method;
- bio->callback = NULL;
- bio->callback_ex = NULL;
- bio->cb_arg = NULL;
- bio->init = 0;
- bio->shutdown = 1;
- bio->flags = 0;
- bio->retry_reason = 0;
- bio->num = 0;
- bio->ptr = NULL;
- bio->prev_bio = NULL;
- bio->next_bio = NULL;
- bio->references = 1;
- bio->num_read = 0L;
- bio->num_write = 0L;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- if (method->create != NULL) {
- if (!method->create(bio)) {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
- &bio->ex_data);
- return (0);
- }
- }
- return (1);
+ BIOerror(ERR_R_DISABLED);
+ return 0;
 }
 LCRYPTO_ALIAS(BIO_set);
 int
-BIO_free(BIO *a)
+BIO_free(BIO *bio)
 {
 int ret;
- if (a == NULL)
- return (0);
+ if (bio == NULL)
+ return 0;
- if (CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO) > 0)
- return (1);
+ if (CRYPTO_add(&bio->references, -1, CRYPTO_LOCK_BIO) > 0)
+ return 1;
- if (a->callback != NULL || a->callback_ex != NULL) {
- if ((ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0,
+ if (bio->callback != NULL || bio->callback_ex != NULL) {
+ if ((ret = (int)bio_call_callback(bio, BIO_CB_FREE, NULL, 0, 0,
 0L, 1L, NULL)) <= 0)
- return (ret);
+ return ret;
 }
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- if (a->method != NULL && a->method->destroy != NULL)
- a->method->destroy(a);
- free(a);
- return (1);
+ if (bio->method != NULL && bio->method->destroy != NULL)
+ bio->method->destroy(bio);
+
+ free(bio);
+
+ return 1;
 }
 LCRYPTO_ALIAS(BIO_free);
 void
-BIO_vfree(BIO *a)
+BIO_vfree(BIO *bio)
 {
- BIO_free(a);
+ BIO_free(bio);
 }
 LCRYPTO_ALIAS(BIO_vfree);
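Review bot: In the new BIO_new() the return value of `CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)` is discarded, so a failed ex_data setup would still hand the caller a BIO that looks fully constructed. The removed BIO_set() body ignored it too, but now that construction lives in one place it is cheap to fail closed: `if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) { free(bio); return NULL; }`. The function also dereferences `method->create` with no NULL check on `method`; if a NULL method is simply not a supported input, a one-line comment above BIO_new saying so would help. A comment on BIO_set noting that it now always fails with ERR_R_DISABLED would likewise tell remaining callers why their call no longer initialises anything.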
@@ -222,121 +212,121 @@ BIO_up_ref(BIO *bio) LCRYPTO_ALIAS(BIO_up_ref); void * -BIO_get_data(BIO *a) +BIO_get_data(BIO *bio) { - return (a->ptr); + return bio->ptr; } LCRYPTO_ALIAS(BIO_get_data); void -BIO_set_data(BIO *a, void *ptr) +BIO_set_data(BIO *bio, void *ptr) { - a->ptr = ptr; + bio->ptr = ptr; } LCRYPTO_ALIAS(BIO_set_data); int -BIO_get_init(BIO *a) +BIO_get_init(BIO *bio) { - return a->init; + return bio->init; } LCRYPTO_ALIAS(BIO_get_init); void -BIO_set_init(BIO *a, int init) +BIO_set_init(BIO *bio, int init) { - a->init = init; + bio->init = init; } LCRYPTO_ALIAS(BIO_set_init); int -BIO_get_shutdown(BIO *a) +BIO_get_shutdown(BIO *bio) { - return (a->shutdown); + return bio->shutdown; } LCRYPTO_ALIAS(BIO_get_shutdown); void -BIO_set_shutdown(BIO *a, int shut) +BIO_set_shutdown(BIO *bio, int shut) { - a->shutdown = shut; + bio->shutdown = shut; } LCRYPTO_ALIAS(BIO_set_shutdown); void -BIO_clear_flags(BIO *b, int flags) +BIO_clear_flags(BIO *bio, int flags) { - b->flags &= ~flags; + bio->flags &= ~flags; } LCRYPTO_ALIAS(BIO_clear_flags); int -BIO_test_flags(const BIO *b, int flags) +BIO_test_flags(const BIO *bio, int flags) { - return (b->flags & flags); + return (bio->flags & flags); } LCRYPTO_ALIAS(BIO_test_flags); void -BIO_set_flags(BIO *b, int flags) +BIO_set_flags(BIO *bio, int flags) { - b->flags |= flags; + bio->flags |= flags; } LCRYPTO_ALIAS(BIO_set_flags); BIO_callback_fn -BIO_get_callback(const BIO *b) +BIO_get_callback(const BIO *bio) { - return b->callback; + return bio->callback; } LCRYPTO_ALIAS(BIO_get_callback); void -BIO_set_callback(BIO *b, BIO_callback_fn cb) +BIO_set_callback(BIO *bio, BIO_callback_fn cb) { - b->callback = cb; + bio->callback = cb; } LCRYPTO_ALIAS(BIO_set_callback); BIO_callback_fn_ex -BIO_get_callback_ex(const BIO *b) +BIO_get_callback_ex(const BIO *bio) { - return b->callback_ex; + return bio->callback_ex; } LCRYPTO_ALIAS(BIO_get_callback_ex); void -BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb) 
+BIO_set_callback_ex(BIO *bio, BIO_callback_fn_ex cb) { - b->callback_ex = cb; + bio->callback_ex = cb; } LCRYPTO_ALIAS(BIO_set_callback_ex); void -BIO_set_callback_arg(BIO *b, char *arg) +BIO_set_callback_arg(BIO *bio, char *arg) { - b->cb_arg = arg; + bio->cb_arg = arg; } LCRYPTO_ALIAS(BIO_set_callback_arg); char * -BIO_get_callback_arg(const BIO *b) +BIO_get_callback_arg(const BIO *bio) { - return b->cb_arg; + return bio->cb_arg; } LCRYPTO_ALIAS(BIO_get_callback_arg); const char * -BIO_method_name(const BIO *b) +BIO_method_name(const BIO *bio) { - return b->method->name; + return bio->method->name; } LCRYPTO_ALIAS(BIO_method_name); int -BIO_method_type(const BIO *b) +BIO_method_type(const BIO *bio) { - return b->method->type; + return bio->method->type; } LCRYPTO_ALIAS(BIO_method_type); @@ -544,37 +534,37 @@ BIO_gets(BIO *b, char *in, int inl) LCRYPTO_ALIAS(BIO_gets); int -BIO_indent(BIO *b, int indent, int max) +BIO_indent(BIO *bio, int indent, int max) { if (indent > max) indent = max; if (indent <= 0) return 1; - if (BIO_printf(b, "%*s", indent, "") <= 0) + if (BIO_printf(bio, "%*s", indent, "") <= 0) return 0; return 1; } LCRYPTO_ALIAS(BIO_indent); long -BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) +BIO_int_ctrl(BIO *bio, int cmd, long larg, int iarg) { int i; i = iarg; - return (BIO_ctrl(b, cmd, larg, (char *)&i)); + return BIO_ctrl(bio, cmd, larg, (char *)&i); } LCRYPTO_ALIAS(BIO_int_ctrl); char * -BIO_ptr_ctrl(BIO *b, int cmd, long larg) +BIO_ptr_ctrl(BIO *bio, int cmd, long larg) { char *p = NULL; - if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) - return (NULL); + if (BIO_ctrl(bio, cmd, larg, (char *)&p) <= 0) + return NULL; else - return (p); + return p; } LCRYPTO_ALIAS(BIO_ptr_ctrl); @@ -730,7 +720,7 @@ LCRYPTO_ALIAS(BIO_get_retry_BIO); int BIO_get_retry_reason(BIO *bio) { - return (bio->retry_reason); + return bio->retry_reason; } LCRYPTO_ALIAS(BIO_get_retry_reason); 
diff --git a/sys/dev/fdt/rkrng.c b/sys/dev/fdt/rkrng.c
index 61d6fb183..75b8ad0b9 100644
--- a/sys/dev/fdt/rkrng.c
+++ b/sys/dev/fdt/rkrng.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rkrng.c,v 1.5 2023/04/14 01:11:32 dlg Exp $ */
+/* $OpenBSD: rkrng.c,v 1.6 2024/02/17 13:29:25 kettenis Exp $ */
 /*
 * Copyright (c) 2020 Mark Kettenis
 *
@@ -124,6 +124,9 @@ rkrng_match(struct device *parent, void *match, void *aux)
 struct fdt_attach_args *faa = aux;
 return OF_is_compatible(faa->fa_node, "rockchip,cryptov1-rng") ||
+ OF_is_compatible(faa->fa_node, "rockchip,rk3288-crypto") ||
+ OF_is_compatible(faa->fa_node, "rockchip,rk3328-crypto") ||
+ OF_is_compatible(faa->fa_node, "rockchip,rk3399-crypto") ||
 OF_is_compatible(faa->fa_node, "rockchip,cryptov2-rng");
 }
@@ -133,7 +136,10 @@ rkrng_attach(struct device *parent, struct device *self, void *aux)
 struct rkrng_softc *sc = (struct rkrng_softc *)self;
 struct fdt_attach_args *faa = aux;
- if (OF_is_compatible(faa->fa_node, "rockchip,cryptov1-rng"))
+ if (OF_is_compatible(faa->fa_node, "rockchip,cryptov1-rng") ||
+ OF_is_compatible(faa->fa_node, "rockchip,rk3288-crypto") ||
+ OF_is_compatible(faa->fa_node, "rockchip,rk3328-crypto") ||
+ OF_is_compatible(faa->fa_node, "rockchip,rk3399-crypto"))
 sc->sc_v = &rkrnv_v1;
 else if (OF_is_compatible(faa->fa_node, "rockchip,cryptov2-rng"))
 sc->sc_v = &rkrnv_v2;
diff --git a/sys/dev/pci/if_em.h b/sys/dev/pci/if_em.h
index e78e3399e..58319cd76 100644
--- a/sys/dev/pci/if_em.h
+++ b/sys/dev/pci/if_em.h
@@ -32,7 +32,7 @@ POSSIBILITY OF SUCH DAMAGE.
 ***************************************************************************/
 /* $FreeBSD: if_em.h,v 1.26 2004/09/01 23:22:41 pdeuskar Exp $ */
-/* $OpenBSD: if_em.h,v 1.82 2024/01/28 18:42:58 mglocker Exp $ */
+/* $OpenBSD: if_em.h,v 1.83 2024/02/16 22:30:54 mglocker Exp $ */
 #ifndef _EM_H_DEFINED_
 #define _EM_H_DEFINED_
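Review bot: The three new compatible strings are spelled out twice, once in the rkrng_match() hunk and once in the v1 branch of the rkrng_attach() hunk, so the two lists can drift apart the next time a SoC is added. If they do, a node that matches but hits neither branch in attach would leave `sc->sc_v` unset; rkrng_attach continues outside the hunk, so how that case is handled is not visible here. A small static helper holding the four v1 strings, called from both functions, would keep them in step, and a comment such as `/* rk3288/rk3328/rk3399 crypto blocks expose the v1 RNG registers */` would record why these SoC-specific strings map to `rkrnv_v1`.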
@@ -55,11 +55,14 @@ POSSIBILITY OF SUCH DAMAGE. #include #include +#include #include #include #include #include +#include +#include #include #if NBPFILTER > 0 @@ -269,6 +272,7 @@ typedef int boolean_t; #define EM_MAX_SCATTER 64 #define EM_TSO_SIZE 65535 +#define EM_TSO_SEG_SIZE 4096 /* Max dma segment size */ struct em_packet { int pkt_eop; /* Index of the desc to watch */ diff --git a/sys/dev/pci/if_iwn.c b/sys/dev/pci/if_iwn.c index 69ecb2421..10813741f 100644 --- a/sys/dev/pci/if_iwn.c +++ b/sys/dev/pci/if_iwn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_iwn.c,v 1.260 2022/06/19 18:27:06 stsp Exp $ */ +/* $OpenBSD: if_iwn.c,v 1.261 2024/02/16 11:44:52 stsp Exp $ */ /*- * Copyright (c) 2007-2010 Damien Bergamini @@ -5359,7 +5359,7 @@ iwn_scan(struct iwn_softc *sc, uint16_t flags, int bgscan) * The current mode might have been fixed during association. * Ensure all channels get scanned. */ - if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) + if (IFM_SUBTYPE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) ieee80211_setmode(ic, IEEE80211_MODE_AUTO); sc->sc_flags |= IWN_FLAG_SCANNING; diff --git a/sys/dev/pci/if_iwx.c b/sys/dev/pci/if_iwx.c index 4b945edf2..2166d4715 100644 --- a/sys/dev/pci/if_iwx.c +++ b/sys/dev/pci/if_iwx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_iwx.c,v 1.180 2023/12/30 16:55:44 stsp Exp $ */ +/* $OpenBSD: if_iwx.c,v 1.181 2024/02/16 11:44:52 stsp Exp $ */ /* * Copyright (c) 2014, 2016 genua gmbh @@ -7529,7 +7529,7 @@ iwx_scan(struct iwx_softc *sc) * The current mode might have been fixed during association. * Ensure all channels get scanned. */ - if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) + if (IFM_SUBTYPE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) ieee80211_setmode(ic, IEEE80211_MODE_AUTO); sc->sc_flags |= IWX_FLAG_SCANNING; diff --git a/usr.sbin/rpki-client/aspa.c b/usr.sbin/rpki-client/aspa.c index a07198890..294c45b54 100644 --- a/usr.sbin/rpki-client/aspa.c +++ b/usr.sbin/rpki-client/aspa.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: aspa.c,v 1.26 2024/02/13 22:44:21 job Exp $ */ +/* $OpenBSD: aspa.c,v 1.27 2024/02/16 15:13:49 tb Exp $ */ /* * Copyright (c) 2022 Job Snijders * Copyright (c) 2022 Theo Buehler @@ -132,11 +132,11 @@ static int aspa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) { const unsigned char *oder; - ASProviderAttestation *aspa; + ASProviderAttestation *aspa_asn1; int rc = 0; oder = d; - if ((aspa = d2i_ASProviderAttestation(NULL, &d, dsz)) == NULL) { + if ((aspa_asn1 = d2i_ASProviderAttestation(NULL, &d, dsz)) == NULL) { warnx("%s: ASPA: failed to parse ASProviderAttestation", p->fn); goto out; } @@ -146,20 +146,20 @@ aspa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } - if (!valid_econtent_version(p->fn, aspa->version, 1)) + if (!valid_econtent_version(p->fn, aspa_asn1->version, 1)) goto out; - if (!as_id_parse(aspa->customerASID, &p->res->custasid)) { + if (!as_id_parse(aspa_asn1->customerASID, &p->res->custasid)) { warnx("%s: malformed CustomerASID", p->fn); goto out; } - if (!aspa_parse_providers(p, aspa->providers)) + if (!aspa_parse_providers(p, aspa_asn1->providers)) goto out; rc = 1; out: - ASProviderAttestation_free(aspa); + ASProviderAttestation_free(aspa_asn1); return rc; } diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index 14bed46ee..3c71238a8 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.125 2024/02/04 07:43:27 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.127 2024/02/16 14:48:47 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Job Snijders 
@@ -29,14 +29,6 @@ #include "extern.h" -/* - * A parsing sequence of a file (which may just be ). - */ -struct parse { - struct cert *res; /* result */ - const char *fn; /* currently-parsed file */ -}; - extern ASN1_OBJECT *certpol_oid; /* id-cp-ipAddr-asNumber cert policy */ extern ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */ extern ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */ @@ -245,25 +237,24 @@ sbgp_parse_assysnum(const char *fn, const ASIdentifiers *asidentifiers, * Returns zero on failure, non-zero on success. */ static int -sbgp_assysnum(struct parse *p, X509_EXTENSION *ext) +sbgp_assysnum(const char *fn, struct cert *cert, X509_EXTENSION *ext) { ASIdentifiers *asidentifiers = NULL; int rc = 0; if (!X509_EXTENSION_get_critical(ext)) { warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " - "extension not critical", p->fn); + "extension not critical", fn); goto out; } if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) { warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " - "failed extension parse", p->fn); + "failed extension parse", fn); goto out; } - if (!sbgp_parse_assysnum(p->fn, asidentifiers, - &p->res->as, &p->res->asz)) + if (!sbgp_parse_assysnum(fn, asidentifiers, &cert->as, &cert->asz)) goto out; rc = 1; @@ -409,7 +400,7 @@ sbgp_parse_ipaddrblk(const char *fn, const IPAddrBlocks *addrblk, goto out; } - switch(afi) { + switch (afi) { case AFI_IPV4: if (ipv4_seen++ > 0) { warnx("%s: RFC 6487 section 4.8.10: " 
@@ -470,28 +461,28 @@ sbgp_parse_ipaddrblk(const char *fn, const IPAddrBlocks *addrblk, * Returns zero on failure, non-zero on success. */ static int -sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext) +sbgp_ipaddrblk(const char *fn, struct cert *cert, X509_EXTENSION *ext) { IPAddrBlocks *addrblk = NULL; int rc = 0; if (!X509_EXTENSION_get_critical(ext)) { warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " - "extension not critical", p->fn); + "extension not critical", fn); goto out; } if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) { warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " - "failed extension parse", p->fn); + "failed extension parse", fn); goto out; } - if (!sbgp_parse_ipaddrblk(p->fn, addrblk, &p->res->ips, &p->res->ipsz)) + if (!sbgp_parse_ipaddrblk(fn, addrblk, &cert->ips, &cert->ipsz)) goto out; - if (p->res->ipsz == 0) { - warnx("%s: RFC 6487 section 4.8.10: empty ipAddrBlock", p->fn); + if (cert->ipsz == 0) { + warnx("%s: RFC 6487 section 4.8.10: empty ipAddrBlock", fn); goto out; } @@ -506,7 +497,7 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext) * Returns zero on failure, non-zero on success. */ static int -sbgp_sia(struct parse *p, X509_EXTENSION *ext) +sbgp_sia(const char *fn, struct cert *cert, X509_EXTENSION *ext) { AUTHORITY_INFO_ACCESS *sia = NULL; ACCESS_DESCRIPTION *ad; @@ -516,13 +507,13 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext) if (X509_EXTENSION_get_critical(ext)) { warnx("%s: RFC 6487 section 4.8.8: SIA: " - "extension not non-critical", p->fn); + "extension not non-critical", fn); goto out; } if ((sia = X509V3_EXT_d2i(ext)) == NULL) { warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse", - p->fn); + fn); goto out; } 
@@ -532,48 +523,46 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext)
 oid = ad->method;
 if (OBJ_cmp(oid, carepo_oid) == 0) {
- if (!x509_location(p->fn, "SIA: caRepository",
- "rsync://", ad->location, &p->res->repo))
+ if (!x509_location(fn, "SIA: caRepository",
+ "rsync://", ad->location, &cert->repo))
 goto out;
 } else if (OBJ_cmp(oid, manifest_oid) == 0) {
- if (!x509_location(p->fn, "SIA: rpkiManifest",
- "rsync://", ad->location, &p->res->mft))
+ if (!x509_location(fn, "SIA: rpkiManifest",
+ "rsync://", ad->location, &cert->mft))
 goto out;
 } else if (OBJ_cmp(oid, notify_oid) == 0) {
- if (!x509_location(p->fn, "SIA: rpkiNotify",
- "https://", ad->location, &p->res->notify))
+ if (!x509_location(fn, "SIA: rpkiNotify",
+ "https://", ad->location, &cert->notify))
 goto out;
 }
 }
- if (p->res->mft == NULL || p->res->repo == NULL) {
+ if (cert->mft == NULL || cert->repo == NULL) {
 warnx("%s: RFC 6487 section 4.8.8: SIA: missing caRepository "
- "or rpkiManifest", p->fn);
+ "or rpkiManifest", fn);
 goto out;
 }
- mftfilename = strrchr(p->res->mft, '/');
+ mftfilename = strrchr(cert->mft, '/');
 if (mftfilename == NULL) {
- warnx("%s: SIA: invalid rpkiManifest entry", p->fn);
+ warnx("%s: SIA: invalid rpkiManifest entry", fn);
 goto out;
 }
 mftfilename++;
 if (!valid_filename(mftfilename, strlen(mftfilename))) {
 warnx("%s: SIA: rpkiManifest filename contains invalid "
- "characters", p->fn);
+ "characters", fn);
 goto out;
 }
- if (strstr(p->res->mft, p->res->repo) != p->res->mft) {
+ if (strstr(cert->mft, cert->repo) != cert->mft) {
 warnx("%s: RFC 6487 section 4.8.8: SIA: "
- "conflicting URIs for caRepository and rpkiManifest",
- p->fn);
+ "conflicting URIs for caRepository and rpkiManifest", fn);
 goto out;
 }
- if (rtype_from_file_extension(p->res->mft) != RTYPE_MFT) {
- warnx("%s: RFC 6487 section 4.8.8: SIA: "
- "not an MFT file", p->fn);
+ if (rtype_from_file_extension(cert->mft) != RTYPE_MFT) {
+ warnx("%s: RFC 6487 section 4.8.8: SIA: not an MFT file", fn);
 goto out;
 }
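Review bot: The containment test `strstr(cert->mft, cert->repo) != cert->mft` only proves that the manifest URI begins with the caRepository string; it does not require the shared prefix to end on a path separator. Unless x509_location() or a check outside this hunk guarantees that `cert->repo` ends in '/', a manifest URI in a sibling directory whose name merely starts with the repository name would be treated as lying inside the repository. Since the line is being rewritten anyway, an explicit `strncmp(cert->mft, cert->repo, strlen(cert->repo)) != 0` followed by a check that the next character of `cert->mft` (or the last of `cert->repo`) is '/' would state the intent and close the gap. sbgp_sia begins and ends outside this hunk.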
@@ -588,7 +577,7 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext) * Returns zero on failure, non-zero on success. */ static int -certificate_policies(struct parse *p, X509_EXTENSION *ext) +certificate_policies(const char *fn, struct cert *cert, X509_EXTENSION *ext) { STACK_OF(POLICYINFO) *policies = NULL; POLICYINFO *policy; @@ -599,20 +588,19 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext) if (!X509_EXTENSION_get_critical(ext)) { warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " - "extension not critical", p->fn); + "extension not critical", fn); goto out; } if ((policies = X509V3_EXT_d2i(ext)) == NULL) { warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " - "failed extension parse", p->fn); + "failed extension parse", fn); goto out; } if (sk_POLICYINFO_num(policies) != 1) { warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " - "want 1 policy, got %d", p->fn, - sk_POLICYINFO_num(policies)); + "want 1 policy, got %d", fn, sk_POLICYINFO_num(policies)); goto out; } @@ -625,7 +613,7 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext) OBJ_obj2txt(pbuf, sizeof(pbuf), policy->policyid, 1); OBJ_obj2txt(cbuf, sizeof(cbuf), certpol_oid, 1); warnx("%s: RFC 7318 section 2: certificatePolicies: " - "unexpected OID: %s, want %s", p->fn, pbuf, cbuf); + "unexpected OID: %s, want %s", fn, pbuf, cbuf); goto out; } @@ -637,7 +625,7 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext) if (sk_POLICYQUALINFO_num(qualifiers) != 1) { warnx("%s: RFC 7318 section 2: certificatePolicies: " - "want 1 policy qualifier, got %d", p->fn, + "want 1 policy qualifier, got %d", fn, sk_POLICYQUALINFO_num(qualifiers)); goto out; } 
@@ -647,12 +635,12 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
 if ((nid = OBJ_obj2nid(qualifier->pqualid)) != NID_id_qt_cps) {
 warnx("%s: RFC 7318 section 2: certificatePolicies: "
- "want CPS, got %s", p->fn, nid2str(nid));
+ "want CPS, got %s", fn, nid2str(nid));
 goto out;
 }
 if (verbose > 1 && !filemode)
- warnx("%s: CPS %.*s", p->fn, qualifier->d.cpsuri->length,
+ warnx("%s: CPS %.*s", fn, qualifier->d.cpsuri->length,
 qualifier->d.cpsuri->data);
 rc = 1;
@@ -669,13 +657,11 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
 struct cert *
 cert_parse_ee_cert(const char *fn, int talid, X509 *x)
 {
- struct parse p;
+ struct cert *cert;
 X509_EXTENSION *ext;
 int index;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
- if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
+ if ((cert = calloc(1, sizeof(struct cert))) == NULL)
 err(1, NULL);
 if (X509_get_version(x) != 2) {
@@ -700,13 +686,13 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
 index = X509_get_ext_by_NID(x, NID_sbgp_ipAddrBlock, -1);
 if ((ext = X509_get_ext(x, index)) != NULL) {
- if (!sbgp_ipaddrblk(&p, ext))
+ if (!sbgp_ipaddrblk(fn, cert, ext))
 goto out;
 }
 index = X509_get_ext_by_NID(x, NID_sbgp_autonomousSysNum, -1);
 if ((ext = X509_get_ext(x, index)) != NULL) {
- if (!sbgp_assysnum(&p, ext))
+ if (!sbgp_assysnum(fn, cert, ext))
 goto out;
 }
@@ -715,16 +701,16 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
 goto out;
 }
- p.res->x509 = x;
- p.res->talid = talid;
+ cert->x509 = x;
+ cert->talid = talid;
- if (!constraints_validate(fn, p.res))
+ if (!constraints_validate(fn, cert))
 goto out;
- return p.res;
+ return cert;
 out:
- cert_free(p.res);
+ cert_free(cert);
 return NULL;
 }
@@ -736,6 +722,7 @@ cert_parse_ee_cert(const char *fn, int talid, X509 *x)
 struct cert *
 cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
 {
+ struct cert *cert;
 const unsigned char *oder;
 size_t j;
 int i, extsz;
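Review bot: The verbose CPS message in the first hunk, `warnx("%s: CPS %.*s", fn, qualifier->d.cpsuri->length, qualifier->d.cpsuri->data)`, writes bytes taken from the certificate straight to stderr. The policy qualifier comes from an untrusted object, and nothing in this hunk restricts it to printable characters, so control or escape sequences could reach a log file or terminal when verbose is greater than 1. Encoding the string with strnvis(3) into a bounded buffer, or rejecting non-printable bytes before logging, would keep the diagnostic safe to display. certificate_policies starts outside the hunk, so an earlier check that is not visible here may already cover this.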
@@ -746,7 +733,6 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) const ASN1_OBJECT *cobj; ASN1_OBJECT *obj; EVP_PKEY *pkey; - struct parse p; int nid, ip, as, sia, cp, crldp, aia, aki, ski, eku, bc, ku; @@ -756,14 +742,12 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) if (der == NULL) return NULL; - memset(&p, 0, sizeof(struct parse)); - p.fn = fn; - if ((p.res = calloc(1, sizeof(struct cert))) == NULL) + if ((cert = calloc(1, sizeof(struct cert))) == NULL) err(1, NULL); oder = der; if ((x = d2i_X509(NULL, &der, len)) == NULL) { - warnx("%s: d2i_X509", p.fn); + warnx("%s: d2i_X509", fn); goto out; } if (der != oder + len) { @@ -773,7 +757,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) /* Cache X509v3 extensions, see X509_check_ca(3). */ if (X509_check_purpose(x, -1, -1) <= 0) { - warnx("%s: could not cache X509v3 extensions", p.fn); + warnx("%s: could not cache X509v3 extensions", fn); goto out; } @@ -784,7 +768,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) X509_get0_signature(NULL, &palg, x); if (palg == NULL) { - warnx("%s: X509_get0_signature", p.fn); + warnx("%s: X509_get0_signature", fn); goto out; } X509_ALGOR_get0(&cobj, NULL, NULL, palg); @@ -805,7 +789,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) goto out; } - if (!x509_valid_subject(p.fn, x)) + if (!x509_valid_subject(fn, x)) goto out; /* Look for X509v3 extensions. */ 
@@ -824,25 +808,25 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) case NID_sbgp_ipAddrBlock: if (ip++ > 0) goto dup; - if (!sbgp_ipaddrblk(&p, ext)) + if (!sbgp_ipaddrblk(fn, cert, ext)) goto out; break; case NID_sbgp_autonomousSysNum: if (as++ > 0) goto dup; - if (!sbgp_assysnum(&p, ext)) + if (!sbgp_assysnum(fn, cert, ext)) goto out; break; case NID_sinfo_access: if (sia++ > 0) goto dup; - if (!sbgp_sia(&p, ext)) + if (!sbgp_sia(fn, cert, ext)) goto out; break; case NID_certificate_policies: if (cp++ > 0) goto dup; - if (!certificate_policies(&p, ext)) + if (!certificate_policies(fn, cert, ext)) goto out; break; case NID_crl_distribution_points: 
@@ -879,40 +863,40 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) char objn[64]; OBJ_obj2txt(objn, sizeof(objn), obj, 0); warnx("%s: ignoring %s (NID %d)", - p.fn, objn, OBJ_obj2nid(obj)); + fn, objn, OBJ_obj2nid(obj)); } break; } } - if (!x509_get_aki(x, p.fn, &p.res->aki)) + if (!x509_get_aki(x, fn, &cert->aki)) goto out; - if (!x509_get_ski(x, p.fn, &p.res->ski)) + if (!x509_get_ski(x, fn, &cert->ski)) goto out; - if (!x509_get_aia(x, p.fn, &p.res->aia)) + if (!x509_get_aia(x, fn, &cert->aia)) goto out; - if (!x509_get_crl(x, p.fn, &p.res->crl)) + if (!x509_get_crl(x, fn, &cert->crl)) goto out; - if (!x509_get_notbefore(x, p.fn, &p.res->notbefore)) + if (!x509_get_notbefore(x, fn, &cert->notbefore)) goto out; - if (!x509_get_notafter(x, p.fn, &p.res->notafter)) + if (!x509_get_notafter(x, fn, &cert->notafter)) goto out; - p.res->purpose = x509_get_purpose(x, p.fn); + cert->purpose = x509_get_purpose(x, fn); /* Validation on required fields. */ - switch (p.res->purpose) { + switch (cert->purpose) { case CERT_PURPOSE_CA: if ((pkey = X509_get0_pubkey(x)) == NULL) { - warnx("%s: X509_get0_pubkey failed", p.fn); + warnx("%s: X509_get0_pubkey failed", fn); goto out; } - if (!valid_ca_pkey(p.fn, pkey)) + if (!valid_ca_pkey(fn, pkey)) goto out; if (X509_get_key_usage(x) != (KU_KEY_CERT_SIGN | KU_CRL_SIGN)) { warnx("%s: RFC 6487 section 4.8.4: key usage violation", - p.fn); + fn); goto out; } 
@@ -923,57 +907,56 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) goto out; } - if (p.res->mft == NULL) { - warnx("%s: RFC 6487 section 4.8.8: missing SIA", p.fn); + if (cert->mft == NULL) { + warnx("%s: RFC 6487 section 4.8.8: missing SIA", fn); goto out; } - if (p.res->asz == 0 && p.res->ipsz == 0) { - warnx("%s: missing IP or AS resources", p.fn); + if (cert->asz == 0 && cert->ipsz == 0) { + warnx("%s: missing IP or AS resources", fn); goto out; } break; case CERT_PURPOSE_BGPSEC_ROUTER: - p.res->pubkey = x509_get_pubkey(x, p.fn); - if (p.res->pubkey == NULL) { - warnx("%s: x509_get_pubkey failed", p.fn); + cert->pubkey = x509_get_pubkey(x, fn); + if (cert->pubkey == NULL) { + warnx("%s: x509_get_pubkey failed", fn); goto out; } - if (p.res->ipsz > 0) { - warnx("%s: unexpected IP resources in BGPsec cert", - p.fn); + if (cert->ipsz > 0) { + warnx("%s: unexpected IP resources in BGPsec cert", fn); goto out; } - for (j = 0; j < p.res->asz; j++) { - if (p.res->as[j].type == CERT_AS_INHERIT) { + for (j = 0; j < cert->asz; j++) { + if (cert->as[j].type == CERT_AS_INHERIT) { warnx("%s: inherit elements not allowed in EE" - " cert", p.fn); + " cert", fn); goto out; } } if (sia) { warnx("%s: unexpected SIA extension in BGPsec cert", - p.fn); + fn); goto out; } break; default: - warnx("%s: x509_get_purpose failed in %s", p.fn, __func__); + warnx("%s: x509_get_purpose failed in %s", fn, __func__); goto out; } - if (p.res->ski == NULL) { - warnx("%s: RFC 6487 section 8.4.2: missing SKI", p.fn); + if (cert->ski == NULL) { + warnx("%s: RFC 6487 section 8.4.2: missing SKI", fn); goto out; } - p.res->x509 = x; - return p.res; + cert->x509 = x; + return cert; dup: warnx("%s: RFC 5280 section 4.2: duplicate extension: %s", fn, nid2str(nid)); out: - cert_free(p.res); + cert_free(cert); X509_free(x); return NULL; } diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 94ddc3d1c..67eea26e4 100644 --- a/usr.sbin/rpki-client/main.c 
+++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.248 2024/02/03 14:30:47 job Exp $ */ +/* $OpenBSD: main.c,v 1.249 2024/02/16 11:55:42 tb Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -130,7 +130,7 @@ time_t get_current_time(void) { if (evaluation_time > X509_TIME_MIN) - return (time_t) evaluation_time; + return (time_t)evaluation_time; return time(NULL); } @@ -865,8 +865,8 @@ static void check_fs_size(int fd, const char *cachedir) { struct statvfs fs; - const long long minsize = 500 * 1024 * 1024; - const long long minnode = 300 * 1000; + const long long minsize = 500 * 1024 * 1024; + const long long minnode = 300 * 1000; if (fstatvfs(fd, &fs) == -1) err(1, "statfs %s", cachedir); diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c index 724bbcf7d..59285ca33 100644 --- a/usr.sbin/rpki-client/mft.c +++ b/usr.sbin/rpki-client/mft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mft.c,v 1.108 2024/02/15 07:01:33 tb Exp $ */ +/* $OpenBSD: mft.c,v 1.110 2024/02/16 15:18:08 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2019 Kristaps Dzonsons @@ -185,7 +185,7 @@ rtype_from_mftfile(const char *fn) static int mft_parse_filehash(struct parse *p, const FileAndHash *fh) { - char *fn = NULL; + char *file = NULL; int rc = 0; struct mftfile *fent; enum rtype type; @@ -195,8 +195,8 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh) warnx("%s: RFC 6486 section 4.2.2: bad filename", p->fn); goto out; } - fn = strndup(fh->file->data, fh->file->length); - if (fn == NULL) + file = strndup(fh->file->data, fh->file->length); + if (file == NULL) err(1, NULL); if (fh->hash->length != SHA256_DIGEST_LENGTH) { 
@@ -206,9 +206,9 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh) goto out; } - type = rtype_from_mftfile(fn); + type = rtype_from_mftfile(file); /* remember the filehash for the CRL in struct mft */ - if (type == RTYPE_CRL && strcmp(fn, p->res->crl) == 0) { + if (type == RTYPE_CRL && strcmp(file, p->res->crl) == 0) { memcpy(p->res->crlhash, fh->hash->data, SHA256_DIGEST_LENGTH); p->found_crl = 1; } @@ -223,13 +223,13 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh) } fent->type = type; - fent->file = fn; - fn = NULL; + fent->file = file; + file = NULL; memcpy(fent->hash, fh->hash->data, SHA256_DIGEST_LENGTH); rc = 1; out: - free(fn); + free(file); return rc; } @@ -311,12 +311,12 @@ static int mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) { const unsigned char *oder; - Manifest *mft; + Manifest *mft_asn1; FileAndHash *fh; int i, rc = 0; oder = d; - if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) { + if ((mft_asn1 = d2i_Manifest(NULL, &d, dsz)) == NULL) { warnx("%s: RFC 6486 section 4: failed to parse Manifest", p->fn); goto out; @@ -327,10 +327,10 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } - if (!valid_econtent_version(p->fn, mft->version, 0)) + if (!valid_econtent_version(p->fn, mft_asn1->version, 0)) goto out; - p->res->seqnum = x509_convert_seqnum(p->fn, mft->manifestNumber); + p->res->seqnum = x509_convert_seqnum(p->fn, mft_asn1->manifestNumber); if (p->res->seqnum == NULL) goto out; 
@@ -338,20 +338,20 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) * OpenSSL's DER decoder implementation will accept a GeneralizedTime * which doesn't conform to RFC 5280. So, double check. */ - if (ASN1_STRING_length(mft->thisUpdate) != GENTIME_LENGTH) { + if (ASN1_STRING_length(mft_asn1->thisUpdate) != GENTIME_LENGTH) { warnx("%s: embedded from time format invalid", p->fn); goto out; } - if (ASN1_STRING_length(mft->nextUpdate) != GENTIME_LENGTH) { + if (ASN1_STRING_length(mft_asn1->nextUpdate) != GENTIME_LENGTH) { warnx("%s: embedded until time format invalid", p->fn); goto out; } - if (!x509_get_time(mft->thisUpdate, &p->res->thisupdate)) { + if (!x509_get_time(mft_asn1->thisUpdate, &p->res->thisupdate)) { warn("%s: parsing manifest thisUpdate failed", p->fn); goto out; } - if (!x509_get_time(mft->nextUpdate, &p->res->nextupdate)) { + if (!x509_get_time(mft_asn1->nextUpdate, &p->res->nextupdate)) { warn("%s: parsing manifest nextUpdate failed", p->fn); goto out; } 
@@ -361,27 +361,28 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 goto out;
 }
- if (OBJ_obj2nid(mft->fileHashAlg) != NID_sha256) {
+ if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
 warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
 "want SHA256 object, have %s (NID %d)", p->fn,
- ASN1_tag2str(OBJ_obj2nid(mft->fileHashAlg)),
- OBJ_obj2nid(mft->fileHashAlg));
+ ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg)),
+ OBJ_obj2nid(mft_asn1->fileHashAlg));
 goto out;
 }
- if (sk_FileAndHash_num(mft->fileList) >= MAX_MANIFEST_ENTRIES) {
+ if (sk_FileAndHash_num(mft_asn1->fileList) >= MAX_MANIFEST_ENTRIES) {
 warnx("%s: %d exceeds manifest entry limit (%d)", p->fn,
- sk_FileAndHash_num(mft->fileList), MAX_MANIFEST_ENTRIES);
+ sk_FileAndHash_num(mft_asn1->fileList),
+ MAX_MANIFEST_ENTRIES);
 goto out;
 }
- p->res->files = calloc(sk_FileAndHash_num(mft->fileList),
+ p->res->files = calloc(sk_FileAndHash_num(mft_asn1->fileList),
 sizeof(struct mftfile));
 if (p->res->files == NULL)
 err(1, NULL);
- for (i = 0; i < sk_FileAndHash_num(mft->fileList); i++) {
- fh = sk_FileAndHash_value(mft->fileList, i);
+ for (i = 0; i < sk_FileAndHash_num(mft_asn1->fileList); i++) {
+ fh = sk_FileAndHash_value(mft_asn1->fileList, i);
 if (!mft_parse_filehash(p, fh))
 goto out;
 }
@@ -391,12 +392,12 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
 goto out;
 }
- if (!mft_has_unique_names_and_hashes(p->fn, mft))
+ if (!mft_has_unique_names_and_hashes(p->fn, mft_asn1))
 goto out;
 rc = 1;
 out:
- Manifest_free(mft);
+ Manifest_free(mft_asn1);
 return rc;
 }
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 227b642f1..633c200de 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roa.c,v 1.74 2024/02/13 22:44:21 job Exp $ */
+/* $OpenBSD: roa.c,v 1.76 2024/02/16 15:13:49 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler
 * Copyright (c) 2019 Kristaps Dzonsons
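Review bot: In the fileHashAlg warning of the first hunk, `ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg))` passes a NID to a function that expects an ASN.1 tag number, so the name printed after "have" does not describe the algorithm that was actually found. cert.c in this same diff prints NIDs with `nid2str(nid)`; assuming that helper is visible from mft.c, `nid2str(OBJ_obj2nid(mft_asn1->fileHashAlg))` would make the diagnostic accurate. The hunk only renames the variable, so the misleading message is carried over unchanged. mft_parse_econtent begins outside the hunk.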
@@ -106,7 +106,7 @@ static int roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) { const unsigned char *oder; - RouteOriginAttestation *roa; + RouteOriginAttestation *roa_asn1; const ROAIPAddressFamily *addrfam; const STACK_OF(ROAIPAddress) *addrs; int addrsz, ipv4_seen = 0, ipv6_seen = 0; @@ -119,7 +119,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) int i, j, rc = 0; oder = d; - if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) { + if ((roa_asn1 = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) { warnx("%s: RFC 6482 section 3: failed to parse " "RouteOriginAttestation", p->fn); goto out; @@ -130,16 +130,16 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } - if (!valid_econtent_version(p->fn, roa->version, 0)) + if (!valid_econtent_version(p->fn, roa_asn1->version, 0)) goto out; - if (!as_id_parse(roa->asid, &p->res->asid)) { + if (!as_id_parse(roa_asn1->asid, &p->res->asid)) { warnx("%s: RFC 6482 section 3.2: asID: " "malformed AS identifier", p->fn); goto out; } - ipaddrblocksz = sk_ROAIPAddressFamily_num(roa->ipAddrBlocks); + ipaddrblocksz = sk_ROAIPAddressFamily_num(roa_asn1->ipAddrBlocks); if (ipaddrblocksz != 1 && ipaddrblocksz != 2) { warnx("%s: draft-rfc6482bis: unexpected number of ipAddrBlocks " "(got %d, expected 1 or 2)", p->fn, ipaddrblocksz); @@ -147,7 +147,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) } for (i = 0; i < ipaddrblocksz; i++) { - addrfam = sk_ROAIPAddressFamily_value(roa->ipAddrBlocks, i); + addrfam = sk_ROAIPAddressFamily_value(roa_asn1->ipAddrBlocks, i); addrs = addrfam->addresses; addrsz = sk_ROAIPAddress_num(addrs); @@ -157,7 +157,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } - switch(afi) { + switch (afi) { case AFI_IPV4: if (ipv4_seen++ > 0) { warnx("%s: RFC 6482bis section 4.3.2: " 
@@ -233,7 +233,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) rc = 1; out: - RouteOriginAttestation_free(roa); + RouteOriginAttestation_free(roa_asn1); return rc; } diff --git a/usr.sbin/rpki-client/rrdp.c b/usr.sbin/rpki-client/rrdp.c index d7814c0c6..8fae02e89 100644 --- a/usr.sbin/rpki-client/rrdp.c +++ b/usr.sbin/rpki-client/rrdp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rrdp.c,v 1.32 2023/06/23 11:36:24 claudio Exp $ */ +/* $OpenBSD: rrdp.c,v 1.33 2024/02/16 11:46:57 tb Exp $ */ /* * Copyright (c) 2020 Nils Fisher * Copyright (c) 2021 Claudio Jeker @@ -463,7 +463,7 @@ rrdp_input_handler(int fd) case RRDP_FILE: s = rrdp_get(id); if (s == NULL) - errx(1, "file, rrdp session %u does not exist", id);; + errx(1, "file, rrdp session %u does not exist", id); if (ibuf_fd_avail(b)) errx(1, "received unexpected fd"); io_read_buf(b, &ok, sizeof(ok)); diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c index 316ae57ba..6bac1f767 100644 --- a/usr.sbin/rpki-client/rsc.c +++ b/usr.sbin/rpki-client/rsc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsc.c,v 1.31 2024/02/13 22:44:21 job Exp $ */ +/* $OpenBSD: rsc.c,v 1.33 2024/02/16 15:19:02 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2022 Job Snijders @@ -277,7 +277,7 @@ static int rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList) { FileNameAndHash *fh; - ASN1_IA5STRING *fn; + ASN1_IA5STRING *fileName; struct rscfile *file; size_t sz, i; 
@@ -308,15 +308,15 @@ rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList) } memcpy(file->hash, fh->hash->data, SHA256_DIGEST_LENGTH); - if ((fn = fh->fileName) == NULL) + if ((fileName = fh->fileName) == NULL) continue; - if (!valid_filename(fn->data, fn->length)) { + if (!valid_filename(fileName->data, fileName->length)) { warnx("%s: RSC FileNameAndHash: bad filename", p->fn); return 0; } - file->filename = strndup(fn->data, fn->length); + file->filename = strndup(fileName->data, fileName->length); if (file->filename == NULL) err(1, NULL); } @@ -333,7 +333,7 @@ static int rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) { const unsigned char *oder; - RpkiSignedChecklist *rsc; + RpkiSignedChecklist *rsc_asn1; ResourceBlock *resources; int rc = 0; @@ -342,7 +342,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) */ oder = d; - if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) { + if ((rsc_asn1 = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) { warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn); goto out; } @@ -352,10 +352,10 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } - if (!valid_econtent_version(p->fn, rsc->version, 0)) + if (!valid_econtent_version(p->fn, rsc_asn1->version, 0)) goto out; - resources = rsc->resources; + resources = rsc_asn1->resources; if (resources->asID == NULL && resources->ipAddrBlocks == NULL) { warnx("%s: RSC: one of asID or ipAddrBlocks must be present", p->fn); 
@@ -368,15 +368,15 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) if (!rsc_parse_iplist(p, resources->ipAddrBlocks)) goto out; - if (!rsc_check_digesttype(p, rsc->digestAlgorithm)) + if (!rsc_check_digesttype(p, rsc_asn1->digestAlgorithm)) goto out; - if (!rsc_parse_checklist(p, rsc->checkList)) + if (!rsc_parse_checklist(p, rsc_asn1->checkList)) goto out; rc = 1; out: - RpkiSignedChecklist_free(rsc); + RpkiSignedChecklist_free(rsc_asn1); return rc; } diff --git a/usr.sbin/rpki-client/tak.c b/usr.sbin/rpki-client/tak.c index 4273b6de6..72a886144 100644 --- a/usr.sbin/rpki-client/tak.c +++ b/usr.sbin/rpki-client/tak.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tak.c,v 1.17 2024/02/16 05:18:29 tb Exp $ */ +/* $OpenBSD: tak.c,v 1.18 2024/02/16 15:13:49 tb Exp $ */ /* * Copyright (c) 2022 Job Snijders * Copyright (c) 2022 Theo Buehler @@ -164,14 +164,14 @@ static int tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) { const unsigned char *oder; - TAK *tak; + TAK *tak_asn1; const char *fn; int rc = 0; fn = p->fn; oder = d; - if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) { + if ((tak_asn1 = d2i_TAK(NULL, &d, dsz)) == NULL) { warnx("%s: failed to parse Trust Anchor Key", fn); goto out; } 
@@ -181,28 +181,28 @@ tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) goto out; } - if (!valid_econtent_version(fn, tak->version, 0)) + if (!valid_econtent_version(fn, tak_asn1->version, 0)) goto out; - p->res->current = parse_takey(fn, tak->current); + p->res->current = parse_takey(fn, tak_asn1->current); if (p->res->current == NULL) goto out; - if (tak->predecessor != NULL) { - p->res->predecessor = parse_takey(fn, tak->predecessor); + if (tak_asn1->predecessor != NULL) { + p->res->predecessor = parse_takey(fn, tak_asn1->predecessor); if (p->res->predecessor == NULL) goto out; } - if (tak->successor != NULL) { - p->res->successor = parse_takey(fn, tak->successor); + if (tak_asn1->successor != NULL) { + p->res->successor = parse_takey(fn, tak_asn1->successor); if (p->res->successor == NULL) goto out; } rc = 1; out: - TAK_free(tak); + TAK_free(tak_asn1); return rc; }