Download raw body.
rpki-client: kill struct parse
We have 8 incompatible struct parse. Job is working on number 9.
Apart from the struct parse in mft.c, there is always the same info: the
filename of the product being decoded and the struct holding the info we
need to retain. This struct makes the code harder to read and it's been
annoying to call functions from other files. The mostly mechanical diff
below gets rid of this nonsense.
In mft.c found_crl is a tiny complication, other than that this is
completely straightforward. I unwrapped lines where I could.
Index: aspa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
diff -u -p -r1.27 aspa.c
--- aspa.c 16 Feb 2024 15:13:49 -0000 1.27
+++ aspa.c 16 Feb 2024 15:26:55 -0000
@@ -32,14 +32,6 @@
#include "extern.h"
-/*
- * Parse results and data of the ASPA object.
- */
-struct parse {
- const char *fn; /* ASPA file name */
- struct aspa *res; /* results */
-};
-
extern ASN1_OBJECT *aspa_oid;
/*
@@ -68,26 +60,26 @@ IMPLEMENT_ASN1_FUNCTIONS(ASProviderAttes
* Return zero on failure, non-zero on success.
*/
static int
-aspa_parse_providers(struct parse *p, const STACK_OF(ASN1_INTEGER) *providers)
+aspa_parse_providers(const char *fn, struct aspa *aspa,
+ const STACK_OF(ASN1_INTEGER) *providers)
{
const ASN1_INTEGER *pa;
uint32_t provider;
size_t providersz, i;
if ((providersz = sk_ASN1_INTEGER_num(providers)) == 0) {
- warnx("%s: ASPA: ProviderASSet needs at least one entry",
- p->fn);
+ warnx("%s: ASPA: ProviderASSet needs at least one entry", fn);
return 0;
}
if (providersz >= MAX_ASPA_PROVIDERS) {
- warnx("%s: ASPA: too many providers (more than %d)", p->fn,
+ warnx("%s: ASPA: too many providers (more than %d)", fn,
MAX_ASPA_PROVIDERS);
return 0;
}
- p->res->providers = calloc(providersz, sizeof(provider));
- if (p->res->providers == NULL)
+ aspa->providers = calloc(providersz, sizeof(provider));
+ if (aspa->providers == NULL)
err(1, NULL);
for (i = 0; i < providersz; i++) {
@@ -96,29 +88,29 @@ aspa_parse_providers(struct parse *p, co
memset(&provider, 0, sizeof(provider));
if (!as_id_parse(pa, &provider)) {
- warnx("%s: ASPA: malformed ProviderAS", p->fn);
+ warnx("%s: ASPA: malformed ProviderAS", fn);
return 0;
}
- if (p->res->custasid == provider) {
+ if (aspa->custasid == provider) {
warnx("%s: ASPA: CustomerASID can't also be Provider",
- p->fn);
+ fn);
return 0;
}
if (i > 0) {
- if (p->res->providers[i - 1] > provider) {
+ if (aspa->providers[i - 1] > provider) {
warnx("%s: ASPA: invalid ProviderASSet order",
- p->fn);
+ fn);
return 0;
}
- if (p->res->providers[i - 1] == provider) {
- warnx("%s: ASPA: duplicate ProviderAS", p->fn);
+ if (aspa->providers[i - 1] == provider) {
+ warnx("%s: ASPA: duplicate ProviderAS", fn);
return 0;
}
}
- p->res->providers[p->res->providersz++] = provider;
+ aspa->providers[aspa->providersz++] = provider;
}
return 1;
@@ -129,7 +121,8 @@ aspa_parse_providers(struct parse *p, co
* Returns zero on failure, non-zero on success.
*/
static int
-aspa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
+aspa_parse_econtent(const char *fn, struct aspa *aspa, const unsigned char *d,
+ size_t dsz)
{
const unsigned char *oder;
ASProviderAttestation *aspa_asn1;
@@ -137,24 +130,24 @@ aspa_parse_econtent(const unsigned char
oder = d;
if ((aspa_asn1 = d2i_ASProviderAttestation(NULL, &d, dsz)) == NULL) {
- warnx("%s: ASPA: failed to parse ASProviderAttestation", p->fn);
+ warnx("%s: ASPA: failed to parse ASProviderAttestation", fn);
goto out;
}
if (d != oder + dsz) {
- warnx("%s: %td bytes trailing garbage in eContent", p->fn,
+ warnx("%s: %td bytes trailing garbage in eContent", fn,
oder + dsz - d);
goto out;
}
- if (!valid_econtent_version(p->fn, aspa_asn1->version, 1))
+ if (!valid_econtent_version(fn, aspa_asn1->version, 1))
goto out;
- if (!as_id_parse(aspa_asn1->customerASID, &p->res->custasid)) {
- warnx("%s: malformed CustomerASID", p->fn);
+ if (!as_id_parse(aspa_asn1->customerASID, &aspa->custasid)) {
+ warnx("%s: malformed CustomerASID", fn);
goto out;
}
- if (!aspa_parse_providers(p, aspa_asn1->providers))
+ if (!aspa_parse_providers(fn, aspa, aspa_asn1->providers))
goto out;
rc = 1;
@@ -171,36 +164,33 @@ struct aspa *
aspa_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
size_t len)
{
- struct parse p;
+ struct aspa *aspa;
size_t cmsz;
unsigned char *cms;
struct cert *cert = NULL;
time_t signtime = 0;
int rc = 0;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
cms = cms_parse_validate(x509, fn, der, len, aspa_oid, &cmsz,
&signtime);
if (cms == NULL)
return NULL;
- if ((p.res = calloc(1, sizeof(*p.res))) == NULL)
+ if ((aspa = calloc(1, sizeof(*aspa))) == NULL)
err(1, NULL);
- p.res->signtime = signtime;
+ aspa->signtime = signtime;
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &aspa->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &aspa->aki))
goto out;
- if (!x509_get_sia(*x509, fn, &p.res->sia))
+ if (!x509_get_sia(*x509, fn, &aspa->sia))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &aspa->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->sia == NULL ||
- p.res->ski == NULL) {
+ if (aspa->aia == NULL || aspa->aki == NULL || aspa->sia == NULL ||
+ aspa->ski == NULL) {
warnx("%s: RFC 6487 section 4.8: "
"missing AIA, AKI, SIA, or SKI X509 extension", fn);
goto out;
@@ -211,9 +201,9 @@ aspa_parse(X509 **x509, const char *fn,
goto out;
}
- if (!x509_get_notbefore(*x509, fn, &p.res->notbefore))
+ if (!x509_get_notbefore(*x509, fn, &aspa->notbefore))
goto out;
- if (!x509_get_notafter(*x509, fn, &p.res->notafter))
+ if (!x509_get_notafter(*x509, fn, &aspa->notafter))
goto out;
if (x509_any_inherits(*x509)) {
@@ -221,25 +211,25 @@ aspa_parse(X509 **x509, const char *fn,
goto out;
}
- if (!aspa_parse_econtent(cms, cmsz, &p))
+ if (!aspa_parse_econtent(fn, aspa, cms, cmsz))
goto out;
if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
goto out;
- p.res->valid = valid_aspa(fn, cert, p.res);
+ aspa->valid = valid_aspa(fn, cert, aspa);
rc = 1;
out:
if (rc == 0) {
- aspa_free(p.res);
- p.res = NULL;
+ aspa_free(aspa);
+ aspa = NULL;
X509_free(*x509);
*x509 = NULL;
}
cert_free(cert);
free(cms);
- return p.res;
+ return aspa;
}
/*
@@ -374,7 +364,7 @@ aspa_insert_vaps(struct vap_tree *tree,
* insert them in the right place in v->providers while keeping the
* order of the providers array.
*/
- for (i = 0, j = 0; i < aspa->providersz; ) {
+ for (i = 0, j = 0; i < aspa->providersz;) {
if (j == v->providersz ||
aspa->providers[i] < v->providers[j]) {
/* merge provider from aspa into v */
Index: gbr.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/gbr.c,v
diff -u -p -r1.29 gbr.c
--- gbr.c 13 Oct 2023 12:06:49 -0000 1.29
+++ gbr.c 16 Feb 2024 12:10:53 -0000
@@ -24,14 +24,6 @@
#include "extern.h"
-/*
- * Parse results and data of the manifest file.
- */
-struct parse {
- const char *fn; /* manifest file name */
- struct gbr *res; /* results */
-};
-
extern ASN1_OBJECT *gbr_oid;
/*
@@ -43,44 +35,41 @@ struct gbr *
gbr_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
size_t len)
{
- struct parse p;
+ struct gbr *gbr;
struct cert *cert = NULL;
size_t cmsz;
unsigned char *cms;
time_t signtime = 0;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
cms = cms_parse_validate(x509, fn, der, len, gbr_oid, &cmsz, &signtime);
if (cms == NULL)
return NULL;
- if ((p.res = calloc(1, sizeof(*p.res))) == NULL)
+ if ((gbr = calloc(1, sizeof(*gbr))) == NULL)
err(1, NULL);
- p.res->signtime = signtime;
- if ((p.res->vcard = strndup(cms, cmsz)) == NULL)
+ gbr->signtime = signtime;
+ if ((gbr->vcard = strndup(cms, cmsz)) == NULL)
err(1, NULL);
free(cms);
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &gbr->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &gbr->aki))
goto out;
- if (!x509_get_sia(*x509, fn, &p.res->sia))
+ if (!x509_get_sia(*x509, fn, &gbr->sia))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &gbr->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->sia == NULL ||
- p.res->ski == NULL) {
+ if (gbr->aia == NULL || gbr->aki == NULL || gbr->sia == NULL ||
+ gbr->ski == NULL) {
warnx("%s: RFC 6487 section 4.8: "
"missing AIA, AKI, SIA or SKI X509 extension", fn);
goto out;
}
- if (!x509_get_notbefore(*x509, fn, &p.res->notbefore))
+ if (!x509_get_notbefore(*x509, fn, &gbr->notbefore))
goto out;
- if (!x509_get_notafter(*x509, fn, &p.res->notafter))
+ if (!x509_get_notafter(*x509, fn, &gbr->notafter))
goto out;
if (!x509_inherits(*x509)) {
@@ -91,10 +80,10 @@ gbr_parse(X509 **x509, const char *fn, i
if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
goto out;
- return p.res;
+ return gbr;
out:
- gbr_free(p.res);
+ gbr_free(gbr);
X509_free(*x509);
*x509 = NULL;
cert_free(cert);
Index: geofeed.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/geofeed.c,v
diff -u -p -r1.15 geofeed.c
--- geofeed.c 13 Oct 2023 12:06:49 -0000 1.15
+++ geofeed.c 16 Feb 2024 12:10:53 -0000
@@ -31,11 +31,6 @@
#include "extern.h"
-struct parse {
- const char *fn;
- struct geofeed *res;
-};
-
extern ASN1_OBJECT *geofeed_oid;
/*
@@ -43,7 +38,7 @@ extern ASN1_OBJECT *geofeed_oid;
* Returns 1 on success, 0 on failure.
*/
static int
-geofeed_parse_geoip(struct geofeed *res, char *cidr, char *loc)
+geofeed_parse_geoip(struct geofeed *geofeed, char *cidr, char *loc)
{
struct geoip *geoip;
struct ip_addr *ipaddr;
@@ -73,11 +68,11 @@ geofeed_parse_geoip(struct geofeed *res,
ipaddr->prefixlen = plen;
- res->geoips = recallocarray(res->geoips, res->geoipsz,
- res->geoipsz + 1, sizeof(struct geoip));
- if (res->geoips == NULL)
+ geofeed->geoips = recallocarray(geofeed->geoips, geofeed->geoipsz,
+ geofeed->geoipsz + 1, sizeof(struct geoip));
+ if (geofeed->geoips == NULL)
err(1, NULL);
- geoip = &res->geoips[res->geoipsz++];
+ geoip = &geofeed->geoips[geofeed->geoipsz++];
if ((geoip->ip = calloc(1, sizeof(struct cert_ip))) == NULL)
err(1, NULL);
@@ -102,7 +97,7 @@ geofeed_parse_geoip(struct geofeed *res,
struct geofeed *
geofeed_parse(X509 **x509, const char *fn, int talid, char *buf, size_t len)
{
- struct parse p;
+ struct geofeed *geofeed;
char *delim, *line, *loc, *nl;
ssize_t linelen;
BIO *bio;
@@ -118,10 +113,7 @@ geofeed_parse(X509 **x509, const char *f
if (bio == NULL)
errx(1, "BIO_new");
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
- if ((p.res = calloc(1, sizeof(struct geofeed))) == NULL)
+ if ((geofeed = calloc(1, sizeof(*geofeed))) == NULL)
err(1, NULL);
while ((nl = memchr(buf, '\n', len)) != NULL) {
@@ -217,7 +209,7 @@ geofeed_parse(X509 **x509, const char *f
loc = "";
/* read each prefix */
- if (!geofeed_parse_geoip(p.res, line, loc))
+ if (!geofeed_parse_geoip(geofeed, line, loc))
goto out;
}
@@ -232,24 +224,25 @@ geofeed_parse(X509 **x509, const char *f
}
if (!cms_parse_validate_detached(x509, fn, der, dersz, geofeed_oid,
- bio, &p.res->signtime))
+ bio, &geofeed->signtime))
goto out;
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &geofeed->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &geofeed->aki))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &geofeed->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->ski == NULL) {
+ if (geofeed->aia == NULL || geofeed->aki == NULL ||
+ geofeed->ski == NULL) {
warnx("%s: missing AIA, AKI, or SKI X509 extension", fn);
goto out;
}
- if (!x509_get_notbefore(*x509, fn, &p.res->notbefore))
+ if (!x509_get_notbefore(*x509, fn, &geofeed->notbefore))
goto out;
- if (!x509_get_notafter(*x509, fn, &p.res->notafter))
+ if (!x509_get_notafter(*x509, fn, &geofeed->notafter))
goto out;
if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
@@ -265,13 +258,13 @@ geofeed_parse(X509 **x509, const char *f
goto out;
}
- p.res->valid = valid_geofeed(fn, cert, p.res);
+ geofeed->valid = valid_geofeed(fn, cert, geofeed);
rc = 1;
out:
if (rc == 0) {
- geofeed_free(p.res);
- p.res = NULL;
+ geofeed_free(geofeed);
+ geofeed = NULL;
X509_free(*x509);
*x509 = NULL;
}
@@ -280,7 +273,7 @@ geofeed_parse(X509 **x509, const char *f
free(b64);
free(der);
- return p.res;
+ return geofeed;
}
/*
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
diff -u -p -r1.110 mft.c
--- mft.c 16 Feb 2024 15:18:08 -0000 1.110
+++ mft.c 16 Feb 2024 15:28:23 -0000
@@ -34,15 +34,6 @@
#include "extern.h"
-/*
- * Parse results and data of the manifest file.
- */
-struct parse {
- const char *fn; /* manifest file name */
- struct mft *res; /* result object */
- int found_crl;
-};
-
extern ASN1_OBJECT *mft_oid;
/*
@@ -183,7 +174,8 @@ rtype_from_mftfile(const char *fn)
* Return zero on failure, non-zero on success.
*/
static int
-mft_parse_filehash(struct parse *p, const FileAndHash *fh)
+mft_parse_filehash(const char *fn, struct mft *mft, const FileAndHash *fh,
+ int *found_crl)
{
char *file = NULL;
int rc = 0;
@@ -192,7 +184,7 @@ mft_parse_filehash(struct parse *p, cons
size_t new_idx = 0;
if (!valid_mft_filename(fh->file->data, fh->file->length)) {
- warnx("%s: RFC 6486 section 4.2.2: bad filename", p->fn);
+ warnx("%s: RFC 6486 section 4.2.2: bad filename", fn);
goto out;
}
file = strndup(fh->file->data, fh->file->length);
@@ -201,25 +193,24 @@ mft_parse_filehash(struct parse *p, cons
if (fh->hash->length != SHA256_DIGEST_LENGTH) {
warnx("%s: RFC 6486 section 4.2.1: hash: "
- "invalid SHA256 length, have %d",
- p->fn, fh->hash->length);
+ "invalid SHA256 length, have %d", fn, fh->hash->length);
goto out;
}
type = rtype_from_mftfile(file);
/* remember the filehash for the CRL in struct mft */
- if (type == RTYPE_CRL && strcmp(file, p->res->crl) == 0) {
- memcpy(p->res->crlhash, fh->hash->data, SHA256_DIGEST_LENGTH);
- p->found_crl = 1;
+ if (type == RTYPE_CRL && strcmp(file, mft->crl) == 0) {
+ memcpy(mft->crlhash, fh->hash->data, SHA256_DIGEST_LENGTH);
+ *found_crl = 1;
}
if (filemode)
- fent = &p->res->files[p->res->filesz++];
+ fent = &mft->files[mft->filesz++];
else {
/* Fisher-Yates shuffle */
- new_idx = arc4random_uniform(p->res->filesz + 1);
- p->res->files[p->res->filesz++] = p->res->files[new_idx];
- fent = &p->res->files[new_idx];
+ new_idx = arc4random_uniform(mft->filesz + 1);
+ mft->files[mft->filesz++] = mft->files[new_idx];
+ fent = &mft->files[new_idx];
}
fent->type = type;
@@ -308,30 +299,30 @@ mft_has_unique_names_and_hashes(const ch
* Returns 0 on failure and 1 on success.
*/
static int
-mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
+mft_parse_econtent(const char *fn, struct mft *mft, const unsigned char *d,
+ size_t dsz)
{
const unsigned char *oder;
Manifest *mft_asn1;
FileAndHash *fh;
- int i, rc = 0;
+ int found_crl, i, rc = 0;
oder = d;
if ((mft_asn1 = d2i_Manifest(NULL, &d, dsz)) == NULL) {
- warnx("%s: RFC 6486 section 4: failed to parse Manifest",
- p->fn);
+ warnx("%s: RFC 6486 section 4: failed to parse Manifest", fn);
goto out;
}
if (d != oder + dsz) {
- warnx("%s: %td bytes trailing garbage in eContent", p->fn,
+ warnx("%s: %td bytes trailing garbage in eContent", fn,
oder + dsz - d);
goto out;
}
- if (!valid_econtent_version(p->fn, mft_asn1->version, 0))
+ if (!valid_econtent_version(fn, mft_asn1->version, 0))
goto out;
- p->res->seqnum = x509_convert_seqnum(p->fn, mft_asn1->manifestNumber);
- if (p->res->seqnum == NULL)
+ mft->seqnum = x509_convert_seqnum(fn, mft_asn1->manifestNumber);
+ if (mft->seqnum == NULL)
goto out;
/*
@@ -339,60 +330,61 @@ mft_parse_econtent(const unsigned char *
* which doesn't conform to RFC 5280. So, double check.
*/
if (ASN1_STRING_length(mft_asn1->thisUpdate) != GENTIME_LENGTH) {
- warnx("%s: embedded from time format invalid", p->fn);
+ warnx("%s: embedded from time format invalid", fn);
goto out;
}
if (ASN1_STRING_length(mft_asn1->nextUpdate) != GENTIME_LENGTH) {
- warnx("%s: embedded until time format invalid", p->fn);
+ warnx("%s: embedded until time format invalid", fn);
goto out;
}
- if (!x509_get_time(mft_asn1->thisUpdate, &p->res->thisupdate)) {
- warn("%s: parsing manifest thisUpdate failed", p->fn);
+ if (!x509_get_time(mft_asn1->thisUpdate, &mft->thisupdate)) {
+ warn("%s: parsing manifest thisUpdate failed", fn);
goto out;
}
- if (!x509_get_time(mft_asn1->nextUpdate, &p->res->nextupdate)) {
- warn("%s: parsing manifest nextUpdate failed", p->fn);
+ if (!x509_get_time(mft_asn1->nextUpdate, &mft->nextupdate)) {
+ warn("%s: parsing manifest nextUpdate failed", fn);
goto out;
}
- if (p->res->thisupdate > p->res->nextupdate) {
- warnx("%s: bad update interval", p->fn);
+ if (mft->thisupdate > mft->nextupdate) {
+ warnx("%s: bad update interval", fn);
goto out;
}
if (OBJ_obj2nid(mft_asn1->fileHashAlg) != NID_sha256) {
warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
- "want SHA256 object, have %s (NID %d)", p->fn,
+ "want SHA256 object, have %s (NID %d)", fn,
ASN1_tag2str(OBJ_obj2nid(mft_asn1->fileHashAlg)),
OBJ_obj2nid(mft_asn1->fileHashAlg));
goto out;
}
if (sk_FileAndHash_num(mft_asn1->fileList) >= MAX_MANIFEST_ENTRIES) {
- warnx("%s: %d exceeds manifest entry limit (%d)", p->fn,
+ warnx("%s: %d exceeds manifest entry limit (%d)", fn,
sk_FileAndHash_num(mft_asn1->fileList),
MAX_MANIFEST_ENTRIES);
goto out;
}
- p->res->files = calloc(sk_FileAndHash_num(mft_asn1->fileList),
+ mft->files = calloc(sk_FileAndHash_num(mft_asn1->fileList),
sizeof(struct mftfile));
- if (p->res->files == NULL)
+ if (mft->files == NULL)
err(1, NULL);
+ found_crl = 0;
for (i = 0; i < sk_FileAndHash_num(mft_asn1->fileList); i++) {
fh = sk_FileAndHash_value(mft_asn1->fileList, i);
- if (!mft_parse_filehash(p, fh))
+ if (!mft_parse_filehash(fn, mft, fh, &found_crl))
goto out;
}
- if (!p->found_crl) {
- warnx("%s: CRL not part of MFT fileList", p->fn);
+ if (!found_crl) {
+ warnx("%s: CRL not part of MFT fileList", fn);
goto out;
}
- if (!mft_has_unique_names_and_hashes(p->fn, mft_asn1))
+ if (!mft_has_unique_names_and_hashes(fn, mft_asn1))
goto out;
rc = 1;
@@ -409,7 +401,7 @@ struct mft *
mft_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
size_t len)
{
- struct parse p;
+ struct mft *mft;
struct cert *cert = NULL;
int rc = 0;
size_t cmsz;
@@ -417,28 +409,25 @@ mft_parse(X509 **x509, const char *fn, i
char *crldp = NULL, *crlfile;
time_t signtime = 0;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz, &signtime);
if (cms == NULL)
return NULL;
assert(*x509 != NULL);
- if ((p.res = calloc(1, sizeof(struct mft))) == NULL)
+ if ((mft = calloc(1, sizeof(*mft))) == NULL)
err(1, NULL);
- p.res->signtime = signtime;
+ mft->signtime = signtime;
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &mft->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &mft->aki))
goto out;
- if (!x509_get_sia(*x509, fn, &p.res->sia))
+ if (!x509_get_sia(*x509, fn, &mft->sia))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &mft->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->sia == NULL ||
- p.res->ski == NULL) {
+ if (mft->aia == NULL || mft->aki == NULL || mft->sia == NULL ||
+ mft->ski == NULL) {
warnx("%s: RFC 6487 section 4.8: "
"missing AIA, AKI, SIA, or SKI X509 extension", fn);
goto out;
@@ -470,16 +459,16 @@ mft_parse(X509 **x509, const char *fn, i
"bad CRL distribution point extension", fn);
goto out;
}
- if ((p.res->crl = strdup(crlfile)) == NULL)
+ if ((mft->crl = strdup(crlfile)) == NULL)
err(1, NULL);
- if (mft_parse_econtent(cms, cmsz, &p) == 0)
+ if (mft_parse_econtent(fn, mft, cms, cmsz) == 0)
goto out;
if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
goto out;
- if (p.res->signtime > p.res->nextupdate) {
+ if (mft->signtime > mft->nextupdate) {
warnx("%s: dating issue: CMS signing-time after MFT nextUpdate",
fn);
goto out;
@@ -488,15 +477,15 @@ mft_parse(X509 **x509, const char *fn, i
rc = 1;
out:
if (rc == 0) {
- mft_free(p.res);
- p.res = NULL;
+ mft_free(mft);
+ mft = NULL;
X509_free(*x509);
*x509 = NULL;
}
free(crldp);
cert_free(cert);
free(cms);
- return p.res;
+ return mft;
}
/*
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
diff -u -p -r1.76 roa.c
--- roa.c 16 Feb 2024 15:13:49 -0000 1.76
+++ roa.c 16 Feb 2024 15:29:03 -0000
@@ -31,14 +31,6 @@
#include "extern.h"
-/*
- * Parse results and data of the manifest file.
- */
-struct parse {
- const char *fn; /* manifest file name */
- struct roa *res; /* results */
-};
-
extern ASN1_OBJECT *roa_oid;
/*
@@ -103,7 +95,8 @@ IMPLEMENT_ASN1_FUNCTIONS(RouteOriginAtte
* Returns zero on failure, non-zero on success.
*/
static int
-roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
+roa_parse_econtent(const char *fn, struct roa *roa, const unsigned char *d,
+ size_t dsz)
{
const unsigned char *oder;
RouteOriginAttestation *roa_asn1;
@@ -121,39 +114,40 @@ roa_parse_econtent(const unsigned char *
oder = d;
if ((roa_asn1 = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
warnx("%s: RFC 6482 section 3: failed to parse "
- "RouteOriginAttestation", p->fn);
+ "RouteOriginAttestation", fn);
goto out;
}
if (d != oder + dsz) {
- warnx("%s: %td bytes trailing garbage in eContent", p->fn,
+ warnx("%s: %td bytes trailing garbage in eContent", fn,
oder + dsz - d);
goto out;
}
- if (!valid_econtent_version(p->fn, roa_asn1->version, 0))
+ if (!valid_econtent_version(fn, roa_asn1->version, 0))
goto out;
- if (!as_id_parse(roa_asn1->asid, &p->res->asid)) {
+ if (!as_id_parse(roa_asn1->asid, &roa->asid)) {
warnx("%s: RFC 6482 section 3.2: asID: "
- "malformed AS identifier", p->fn);
+ "malformed AS identifier", fn);
goto out;
}
ipaddrblocksz = sk_ROAIPAddressFamily_num(roa_asn1->ipAddrBlocks);
if (ipaddrblocksz != 1 && ipaddrblocksz != 2) {
warnx("%s: draft-rfc6482bis: unexpected number of ipAddrBlocks "
- "(got %d, expected 1 or 2)", p->fn, ipaddrblocksz);
+ "(got %d, expected 1 or 2)", fn, ipaddrblocksz);
goto out;
}
for (i = 0; i < ipaddrblocksz; i++) {
- addrfam = sk_ROAIPAddressFamily_value(roa_asn1->ipAddrBlocks, i);
+ addrfam = sk_ROAIPAddressFamily_value(roa_asn1->ipAddrBlocks,
+ i);
addrs = addrfam->addresses;
addrsz = sk_ROAIPAddress_num(addrs);
- if (!ip_addr_afi_parse(p->fn, addrfam->addressFamily, &afi)) {
+ if (!ip_addr_afi_parse(fn, addrfam->addressFamily, &afi)) {
warnx("%s: RFC 6482 section 3.3: addressFamily: "
- "invalid", p->fn);
+ "invalid", fn);
goto out;
}
@@ -161,14 +155,14 @@ roa_parse_econtent(const unsigned char *
case AFI_IPV4:
if (ipv4_seen++ > 0) {
warnx("%s: RFC 6482bis section 4.3.2: "
- "IPv4 appears twice", p->fn);
+ "IPv4 appears twice", fn);
goto out;
}
break;
case AFI_IPV6:
if (ipv6_seen++ > 0) {
warnx("%s: RFC 6482bis section 4.3.2: "
- "IPv6 appears twice", p->fn);
+ "IPv6 appears twice", fn);
goto out;
}
break;
@@ -176,27 +170,26 @@ roa_parse_econtent(const unsigned char *
if (addrsz == 0) {
warnx("%s: RFC 6482bis, section 4.3.2: "
- "empty ROAIPAddressFamily", p->fn);
+ "empty ROAIPAddressFamily", fn);
goto out;
}
- if (p->res->ipsz + addrsz >= MAX_IP_SIZE) {
+ if (roa->ipsz + addrsz >= MAX_IP_SIZE) {
warnx("%s: too many ROAIPAddress entries: limit %d",
- p->fn, MAX_IP_SIZE);
+ fn, MAX_IP_SIZE);
goto out;
}
- p->res->ips = recallocarray(p->res->ips, p->res->ipsz,
- p->res->ipsz + addrsz, sizeof(struct roa_ip));
- if (p->res->ips == NULL)
+ roa->ips = recallocarray(roa->ips, roa->ipsz,
+ roa->ipsz + addrsz, sizeof(struct roa_ip));
+ if (roa->ips == NULL)
err(1, NULL);
for (j = 0; j < addrsz; j++) {
addr = sk_ROAIPAddress_value(addrs, j);
- if (!ip_addr_parse(addr->address, afi, p->fn,
- &ipaddr)) {
+ if (!ip_addr_parse(addr->address, afi, fn, &ipaddr)) {
warnx("%s: RFC 6482 section 3.3: address: "
- "invalid IP address", p->fn);
+ "invalid IP address", fn);
goto out;
}
maxlen = ipaddr.prefixlen;
@@ -206,24 +199,24 @@ roa_parse_econtent(const unsigned char *
addr->maxLength)) {
warnx("%s: RFC 6482 section 3.2: "
"ASN1_INTEGER_get_uint64 failed",
- p->fn);
+ fn);
goto out;
}
if (ipaddr.prefixlen > maxlen) {
warnx("%s: prefixlen (%d) larger than "
- "maxLength (%llu)", p->fn,
+ "maxLength (%llu)", fn,
ipaddr.prefixlen,
(unsigned long long)maxlen);
goto out;
}
if (maxlen > ((afi == AFI_IPV4) ? 32 : 128)) {
warnx("%s: maxLength (%llu) too large",
- p->fn, (unsigned long long)maxlen);
+ fn, (unsigned long long)maxlen);
goto out;
}
}
- res = &p->res->ips[p->res->ipsz++];
+ res = &roa->ips[roa->ipsz++];
res->addr = ipaddr;
res->afi = afi;
res->maxlength = maxlen;
@@ -245,45 +238,42 @@ struct roa *
roa_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
size_t len)
{
- struct parse p;
+ struct roa *roa;
size_t cmsz;
unsigned char *cms;
struct cert *cert = NULL;
time_t signtime = 0;
int rc = 0;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
cms = cms_parse_validate(x509, fn, der, len, roa_oid, &cmsz, &signtime);
if (cms == NULL)
return NULL;
- if ((p.res = calloc(1, sizeof(struct roa))) == NULL)
+ if ((roa = calloc(1, sizeof(struct roa))) == NULL)
err(1, NULL);
- p.res->signtime = signtime;
+ roa->signtime = signtime;
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &roa->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &roa->aki))
goto out;
- if (!x509_get_sia(*x509, fn, &p.res->sia))
+ if (!x509_get_sia(*x509, fn, &roa->sia))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &roa->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->sia == NULL ||
- p.res->ski == NULL) {
+ if (roa->aia == NULL || roa->aki == NULL || roa->sia == NULL ||
+ roa->ski == NULL) {
warnx("%s: RFC 6487 section 4.8: "
"missing AIA, AKI, SIA, or SKI X509 extension", fn);
goto out;
}
- if (!x509_get_notbefore(*x509, fn, &p.res->notbefore))
+ if (!x509_get_notbefore(*x509, fn, &roa->notbefore))
goto out;
- if (!x509_get_notafter(*x509, fn, &p.res->notafter))
+ if (!x509_get_notafter(*x509, fn, &roa->notafter))
goto out;
- if (!roa_parse_econtent(cms, cmsz, &p))
+ if (!roa_parse_econtent(fn, roa, cms, cmsz))
goto out;
if (x509_any_inherits(*x509)) {
@@ -303,19 +293,19 @@ roa_parse(X509 **x509, const char *fn, i
* If the ROA isn't valid, we accept it anyway and depend upon
* the code around roa_read() to check the "valid" field itself.
*/
- p.res->valid = valid_roa(fn, cert, p.res);
+ roa->valid = valid_roa(fn, cert, roa);
rc = 1;
out:
if (rc == 0) {
- roa_free(p.res);
- p.res = NULL;
+ roa_free(roa);
+ roa = NULL;
X509_free(*x509);
*x509 = NULL;
}
cert_free(cert);
free(cms);
- return p.res;
+ return roa;
}
/*
Index: rsc.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
diff -u -p -r1.33 rsc.c
--- rsc.c 16 Feb 2024 15:19:02 -0000 1.33
+++ rsc.c 16 Feb 2024 15:28:45 -0000
@@ -31,14 +31,6 @@
#include "extern.h"
-/*
- * Parse results and data of the Signed Checklist file.
- */
-struct parse {
- const char *fn; /* Signed Checklist file name */
- struct rsc *res; /* results */
-};
-
extern ASN1_OBJECT *rsc_oid;
/*
@@ -135,7 +127,8 @@ IMPLEMENT_ASN1_FUNCTIONS(RpkiSignedCheck
* Return 0 on failure.
*/
static int
-rsc_parse_aslist(struct parse *p, const ConstrainedASIdentifiers *asids)
+rsc_parse_aslist(const char *fn, struct rsc *rsc,
+ const ConstrainedASIdentifiers *asids)
{
int i, asz;
@@ -143,18 +136,18 @@ rsc_parse_aslist(struct parse *p, const
return 1;
if ((asz = sk_ASIdOrRange_num(asids->asnum)) == 0) {
- warnx("%s: RSC asID empty", p->fn);
+ warnx("%s: RSC asID empty", fn);
return 0;
}
if (asz >= MAX_AS_SIZE) {
warnx("%s: too many AS number entries: limit %d",
- p->fn, MAX_AS_SIZE);
+ fn, MAX_AS_SIZE);
return 0;
}
- p->res->as = calloc(asz, sizeof(struct cert_as));
- if (p->res->as == NULL)
+ rsc->as = calloc(asz, sizeof(struct cert_as));
+ if (rsc->as == NULL)
err(1, NULL);
for (i = 0; i < asz; i++) {
@@ -164,18 +157,16 @@ rsc_parse_aslist(struct parse *p, const
switch (aor->type) {
case ASIdOrRange_id:
- if (!sbgp_as_id(p->fn, p->res->as, &p->res->asz,
- aor->u.id))
+ if (!sbgp_as_id(fn, rsc->as, &rsc->asz, aor->u.id))
return 0;
break;
case ASIdOrRange_range:
- if (!sbgp_as_range(p->fn, p->res->as, &p->res->asz,
+ if (!sbgp_as_range(fn, rsc->as, &rsc->asz,
aor->u.range))
return 0;
break;
default:
- warnx("%s: RSC AsList: unknown type %d", p->fn,
- aor->type);
+ warnx("%s: RSC AsList: unknown type %d", fn, aor->type);
return 0;
}
}
@@ -184,7 +175,8 @@ rsc_parse_aslist(struct parse *p, const
}
static int
-rsc_parse_iplist(struct parse *p, const ConstrainedIPAddrBlocks *ipAddrBlocks)
+rsc_parse_iplist(const char *fn, struct rsc *rsc,
+ const ConstrainedIPAddrBlocks *ipAddrBlocks)
{
const ConstrainedIPAddressFamily *af;
const IPAddressOrRanges *aors;
@@ -197,7 +189,7 @@ rsc_parse_iplist(struct parse *p, const
return 1;
if (sk_ConstrainedIPAddressFamily_num(ipAddrBlocks) == 0) {
- warnx("%s: RSC ipAddrBlocks empty", p->fn);
+ warnx("%s: RSC ipAddrBlocks empty", fn);
return 0;
}
@@ -205,20 +197,20 @@ rsc_parse_iplist(struct parse *p, const
af = sk_ConstrainedIPAddressFamily_value(ipAddrBlocks, i);
aors = af->addressesOrRanges;
- ipsz = p->res->ipsz + sk_IPAddressOrRange_num(aors);
+ ipsz = rsc->ipsz + sk_IPAddressOrRange_num(aors);
if (ipsz >= MAX_IP_SIZE) {
warnx("%s: too many IP address entries: limit %d",
- p->fn, MAX_IP_SIZE);
+ fn, MAX_IP_SIZE);
return 0;
}
- p->res->ips = recallocarray(p->res->ips, p->res->ipsz, ipsz,
+ rsc->ips = recallocarray(rsc->ips, rsc->ipsz, ipsz,
sizeof(struct cert_ip));
- if (p->res->ips == NULL)
+ if (rsc->ips == NULL)
err(1, NULL);
- if (!ip_addr_afi_parse(p->fn, af->addressFamily, &afi)) {
- warnx("%s: RSC: invalid AFI", p->fn);
+ if (!ip_addr_afi_parse(fn, af->addressFamily, &afi)) {
+ warnx("%s: RSC: invalid AFI", fn);
return 0;
}
@@ -226,18 +218,18 @@ rsc_parse_iplist(struct parse *p, const
aor = sk_IPAddressOrRange_value(aors, j);
switch (aor->type) {
case IPAddressOrRange_addressPrefix:
- if (!sbgp_addr(p->fn, p->res->ips,
- &p->res->ipsz, afi, aor->u.addressPrefix))
+ if (!sbgp_addr(fn, rsc->ips,
+ &rsc->ipsz, afi, aor->u.addressPrefix))
return 0;
break;
case IPAddressOrRange_addressRange:
- if (!sbgp_addr_range(p->fn, p->res->ips,
- &p->res->ipsz, afi, aor->u.addressRange))
+ if (!sbgp_addr_range(fn, rsc->ips,
+ &rsc->ipsz, afi, aor->u.addressRange))
return 0;
break;
default:
warnx("%s: RFC 3779: IPAddressOrRange: "
- "unknown type %d", p->fn, aor->type);
+ "unknown type %d", fn, aor->type);
return 0;
}
}
@@ -247,7 +239,7 @@ rsc_parse_iplist(struct parse *p, const
}
static int
-rsc_check_digesttype(struct parse *p, const X509_ALGOR *alg)
+rsc_check_digesttype(const char *fn, struct rsc *rsc, const X509_ALGOR *alg)
{
const ASN1_OBJECT *obj;
int type, nid;
@@ -256,13 +248,13 @@ rsc_check_digesttype(struct parse *p, co
if (type != V_ASN1_UNDEF) {
warnx("%s: RSC DigestAlgorithmIdentifier unexpected parameters:"
- " %d", p->fn, type);
+ " %d", fn, type);
return 0;
}
if ((nid = OBJ_obj2nid(obj)) != NID_sha256) {
warnx("%s: RSC DigestAlgorithmIdentifier: want SHA256, have %s"
- " (NID %d)", p->fn, ASN1_tag2str(nid), nid);
+ " (NID %d)", fn, ASN1_tag2str(nid), nid);
return 0;
}
@@ -274,7 +266,8 @@ rsc_check_digesttype(struct parse *p, co
* Return zero on failure, non-zero on success.
*/
static int
-rsc_parse_checklist(struct parse *p, const STACK_OF(FileNameAndHash) *checkList)
+rsc_parse_checklist(const char *fn, struct rsc *rsc,
+ const STACK_OF(FileNameAndHash) *checkList)
{
FileNameAndHash *fh;
ASN1_IA5STRING *fileName;
@@ -282,28 +275,28 @@ rsc_parse_checklist(struct parse *p, con
size_t sz, i;
if ((sz = sk_FileNameAndHash_num(checkList)) == 0) {
- warnx("%s: RSC checkList needs at least one entry", p->fn);
+ warnx("%s: RSC checkList needs at least one entry", fn);
return 0;
}
if (sz >= MAX_CHECKLIST_ENTRIES) {
- warnx("%s: %zu exceeds checklist entry limit (%d)", p->fn, sz,
+ warnx("%s: %zu exceeds checklist entry limit (%d)", fn, sz,
MAX_CHECKLIST_ENTRIES);
return 0;
}
- p->res->files = calloc(sz, sizeof(struct rscfile));
- if (p->res->files == NULL)
+ rsc->files = calloc(sz, sizeof(struct rscfile));
+ if (rsc->files == NULL)
err(1, NULL);
- p->res->filesz = sz;
+ rsc->filesz = sz;
for (i = 0; i < sz; i++) {
fh = sk_FileNameAndHash_value(checkList, i);
- file = &p->res->files[i];
+ file = &rsc->files[i];
if (fh->hash->length != SHA256_DIGEST_LENGTH) {
- warnx("%s: RSC Digest: invalid SHA256 length", p->fn);
+ warnx("%s: RSC Digest: invalid SHA256 length", fn);
return 0;
}
memcpy(file->hash, fh->hash->data, SHA256_DIGEST_LENGTH);
@@ -312,7 +305,7 @@ rsc_parse_checklist(struct parse *p, con
continue;
if (!valid_filename(fileName->data, fileName->length)) {
- warnx("%s: RSC FileNameAndHash: bad filename", p->fn);
+ warnx("%s: RSC FileNameAndHash: bad filename", fn);
return 0;
}
@@ -330,7 +323,8 @@ rsc_parse_checklist(struct parse *p, con
* Returns zero on failure, non-zero on success.
*/
static int
-rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
+rsc_parse_econtent(const char *fn, struct rsc *rsc, const unsigned char *d,
+ size_t dsz)
{
const unsigned char *oder;
RpkiSignedChecklist *rsc_asn1;
@@ -343,35 +337,35 @@ rsc_parse_econtent(const unsigned char *
oder = d;
if ((rsc_asn1 = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
- warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn);
+ warnx("%s: RSC: failed to parse RpkiSignedChecklist", fn);
goto out;
}
if (d != oder + dsz) {
- warnx("%s: %td bytes trailing garbage in eContent", p->fn,
+ warnx("%s: %td bytes trailing garbage in eContent", fn,
oder + dsz - d);
goto out;
}
- if (!valid_econtent_version(p->fn, rsc_asn1->version, 0))
+ if (!valid_econtent_version(fn, rsc_asn1->version, 0))
goto out;
resources = rsc_asn1->resources;
if (resources->asID == NULL && resources->ipAddrBlocks == NULL) {
warnx("%s: RSC: one of asID or ipAddrBlocks must be present",
- p->fn);
+ fn);
goto out;
}
- if (!rsc_parse_aslist(p, resources->asID))
+ if (!rsc_parse_aslist(fn, rsc, resources->asID))
goto out;
- if (!rsc_parse_iplist(p, resources->ipAddrBlocks))
+ if (!rsc_parse_iplist(fn, rsc, resources->ipAddrBlocks))
goto out;
- if (!rsc_check_digesttype(p, rsc_asn1->digestAlgorithm))
+ if (!rsc_check_digesttype(fn, rsc, rsc_asn1->digestAlgorithm))
goto out;
- if (!rsc_parse_checklist(p, rsc_asn1->checkList))
+ if (!rsc_parse_checklist(fn, rsc, rsc_asn1->checkList))
goto out;
rc = 1;
@@ -388,40 +382,37 @@ struct rsc *
rsc_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
size_t len)
{
- struct parse p;
+ struct rsc *rsc;
unsigned char *cms;
size_t cmsz;
struct cert *cert = NULL;
time_t signtime = 0;
int rc = 0;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
cms = cms_parse_validate(x509, fn, der, len, rsc_oid, &cmsz,
&signtime);
if (cms == NULL)
return NULL;
- if ((p.res = calloc(1, sizeof(struct rsc))) == NULL)
+ if ((rsc = calloc(1, sizeof(struct rsc))) == NULL)
err(1, NULL);
- p.res->signtime = signtime;
+ rsc->signtime = signtime;
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &rsc->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &rsc->aki))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &rsc->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->ski == NULL) {
+ if (rsc->aia == NULL || rsc->aki == NULL || rsc->ski == NULL) {
warnx("%s: RFC 6487 section 4.8: "
"missing AIA, AKI or SKI X509 extension", fn);
goto out;
}
- if (!x509_get_notbefore(*x509, fn, &p.res->notbefore))
+ if (!x509_get_notbefore(*x509, fn, &rsc->notbefore))
goto out;
- if (!x509_get_notafter(*x509, fn, &p.res->notafter))
+ if (!x509_get_notafter(*x509, fn, &rsc->notafter))
goto out;
if (X509_get_ext_by_NID(*x509, NID_sinfo_access, -1) != -1) {
@@ -434,25 +425,25 @@ rsc_parse(X509 **x509, const char *fn, i
goto out;
}
- if (!rsc_parse_econtent(cms, cmsz, &p))
+ if (!rsc_parse_econtent(fn, rsc, cms, cmsz))
goto out;
if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
goto out;
- p.res->valid = valid_rsc(fn, cert, p.res);
+ rsc->valid = valid_rsc(fn, cert, rsc);
rc = 1;
out:
if (rc == 0) {
- rsc_free(p.res);
- p.res = NULL;
+ rsc_free(rsc);
+ rsc = NULL;
X509_free(*x509);
*x509 = NULL;
}
cert_free(cert);
free(cms);
- return p.res;
+ return rsc;
}
/*
Index: tak.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tak.c,v
diff -u -p -r1.18 tak.c
--- tak.c 16 Feb 2024 15:13:49 -0000 1.18
+++ tak.c 16 Feb 2024 15:27:22 -0000
@@ -31,14 +31,6 @@
#include "extern.h"
-/*
- * Parse results and data of the Trust Anchor Key file.
- */
-struct parse {
- const char *fn; /* TAK file name */
- struct tak *res; /* results */
-};
-
extern ASN1_OBJECT *tak_oid;
/*
@@ -161,22 +153,20 @@ parse_takey(const char *fn, const TAKey
* Returns zero on failure, non-zero on success.
*/
static int
-tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
+tak_parse_econtent(const char *fn, struct tak *tak, const unsigned char *d,
+ size_t dsz)
{
const unsigned char *oder;
TAK *tak_asn1;
- const char *fn;
int rc = 0;
- fn = p->fn;
-
oder = d;
if ((tak_asn1 = d2i_TAK(NULL, &d, dsz)) == NULL) {
warnx("%s: failed to parse Trust Anchor Key", fn);
goto out;
}
if (d != oder + dsz) {
- warnx("%s: %td bytes trailing garbage in eContent", p->fn,
+ warnx("%s: %td bytes trailing garbage in eContent", fn,
oder + dsz - d);
goto out;
}
@@ -184,19 +174,19 @@ tak_parse_econtent(const unsigned char *
if (!valid_econtent_version(fn, tak_asn1->version, 0))
goto out;
- p->res->current = parse_takey(fn, tak_asn1->current);
- if (p->res->current == NULL)
+ tak->current = parse_takey(fn, tak_asn1->current);
+ if (tak->current == NULL)
goto out;
if (tak_asn1->predecessor != NULL) {
- p->res->predecessor = parse_takey(fn, tak_asn1->predecessor);
- if (p->res->predecessor == NULL)
+ tak->predecessor = parse_takey(fn, tak_asn1->predecessor);
+ if (tak->predecessor == NULL)
goto out;
}
if (tak_asn1->successor != NULL) {
- p->res->successor = parse_takey(fn, tak_asn1->successor);
- if (p->res->successor == NULL)
+ tak->successor = parse_takey(fn, tak_asn1->successor);
+ if (tak->successor == NULL)
goto out;
}
@@ -214,42 +204,39 @@ struct tak *
tak_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
size_t len)
{
- struct parse p;
+ struct tak *tak;
struct cert *cert = NULL;
unsigned char *cms;
size_t cmsz;
time_t signtime = 0;
int rc = 0;
- memset(&p, 0, sizeof(struct parse));
- p.fn = fn;
-
cms = cms_parse_validate(x509, fn, der, len, tak_oid, &cmsz, &signtime);
if (cms == NULL)
return NULL;
- if ((p.res = calloc(1, sizeof(struct tak))) == NULL)
+ if ((tak = calloc(1, sizeof(struct tak))) == NULL)
err(1, NULL);
- p.res->signtime = signtime;
+ tak->signtime = signtime;
- if (!x509_get_aia(*x509, fn, &p.res->aia))
+ if (!x509_get_aia(*x509, fn, &tak->aia))
goto out;
- if (!x509_get_aki(*x509, fn, &p.res->aki))
+ if (!x509_get_aki(*x509, fn, &tak->aki))
goto out;
- if (!x509_get_sia(*x509, fn, &p.res->sia))
+ if (!x509_get_sia(*x509, fn, &tak->sia))
goto out;
- if (!x509_get_ski(*x509, fn, &p.res->ski))
+ if (!x509_get_ski(*x509, fn, &tak->ski))
goto out;
- if (p.res->aia == NULL || p.res->aki == NULL || p.res->sia == NULL ||
- p.res->ski == NULL) {
+ if (tak->aia == NULL || tak->aki == NULL || tak->sia == NULL ||
+ tak->ski == NULL) {
warnx("%s: RFC 6487 section 4.8: "
"missing AIA, AKI, SIA, or SKI X509 extension", fn);
goto out;
}
- if (!x509_get_notbefore(*x509, fn, &p.res->notbefore))
+ if (!x509_get_notbefore(*x509, fn, &tak->notbefore))
goto out;
- if (!x509_get_notafter(*x509, fn, &p.res->notafter))
+ if (!x509_get_notafter(*x509, fn, &tak->notafter))
goto out;
if (!x509_inherits(*x509)) {
@@ -257,13 +244,13 @@ tak_parse(X509 **x509, const char *fn, i
goto out;
}
- if (!tak_parse_econtent(cms, cmsz, &p))
+ if (!tak_parse_econtent(fn, tak, cms, cmsz))
goto out;
if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
goto out;
- if (strcmp(p.res->aki, p.res->current->ski) != 0) {
+ if (strcmp(tak->aki, tak->current->ski) != 0) {
warnx("%s: current TAKey's SKI does not match EE AKI", fn);
goto out;
}
@@ -271,14 +258,14 @@ tak_parse(X509 **x509, const char *fn, i
rc = 1;
out:
if (rc == 0) {
- tak_free(p.res);
- p.res = NULL;
+ tak_free(tak);
+ tak = NULL;
X509_free(*x509);
*x509 = NULL;
}
cert_free(cert);
free(cms);
- return p.res;
+ return tak;
}
/*
rpki-client: kill struct parse