
Also move the cert parser code away from using BIO.

OK beck@
This commit is contained in:
claudio 2021-10-26 13:31:05 +00:00
parent 86089276ec
commit 803d3b9acd
3 changed files with 26 additions and 30 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.40 2021/10/23 16:06:04 claudio Exp $ */
/* $OpenBSD: cert.c,v 1.41 2021/10/26 13:31:05 claudio Exp $ */
/*
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -976,7 +976,8 @@ out:
* is also dereferenced.
*/
static struct cert *
cert_parse_inner(X509 **xp, const char *fn, int ta)
cert_parse_inner(X509 **xp, const char *fn, const unsigned char *der,
size_t len, int ta)
{
int rc = 0, extsz, c;
int sia_present = 0;
@ -985,28 +986,19 @@ cert_parse_inner(X509 **xp, const char *fn, int ta)
X509_EXTENSION *ext = NULL;
ASN1_OBJECT *obj;
struct parse p;
BIO *bio = NULL;
FILE *f;
*xp = NULL;
if ((f = fopen(fn, "rb")) == NULL) {
warn("%s", fn);
/* just fail for empty buffers, the warning was printed elsewhere */
if (der == NULL)
return NULL;
}
if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
}
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
err(1, NULL);
if ((x = *xp = d2i_X509_bio(bio, NULL)) == NULL) {
if ((x = *xp = d2i_X509(NULL, &der, len)) == NULL) {
cryptowarnx("%s: d2i_X509_bio", p.fn);
goto out;
}
@ -1144,7 +1136,6 @@ cert_parse_inner(X509 **xp, const char *fn, int ta)
rc = 1;
out:
BIO_free_all(bio);
if (rc == 0) {
cert_free(p.res);
X509_free(x);
@ -1154,19 +1145,20 @@ out:
}
struct cert *
cert_parse(X509 **xp, const char *fn)
cert_parse(X509 **xp, const char *fn, const unsigned char *der, size_t len)
{
return cert_parse_inner(xp, fn, 0);
return cert_parse_inner(xp, fn, der, len, 0);
}
struct cert *
ta_parse(X509 **xp, const char *fn, const unsigned char *pkey, size_t pkeysz)
ta_parse(X509 **xp, const char *fn, const unsigned char *der, size_t len,
const unsigned char *pkey, size_t pkeysz)
{
EVP_PKEY *pk = NULL, *opk = NULL;
struct cert *p;
int rc = 0;
if ((p = cert_parse_inner(xp, fn, 1)) == NULL)
if ((p = cert_parse_inner(xp, fn, der, len, 1)) == NULL)
return NULL;
if (pkey != NULL) {
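Review bot: The failure message after the new `d2i_X509(NULL, &der, len)` call still names the removed BIO variant, `cryptowarnx("%s: d2i_X509_bio", p.fn);`, which sends anyone grepping the warning back to code that no longer exists; change it to `cryptowarnx("%s: d2i_X509", p.fn);`. Separately, `d2i_X509` advances `der` past the bytes it consumed and nothing here checks that it consumed all `len` bytes, so trailing data after the certificate is accepted silently — if the file is expected to be exactly one DER certificate, keep a copy of the original pointer and treat `(size_t)(der - orig) != len` as a parse failure. The guard's comment says "empty buffers" but only `der == NULL` is rejected; a zero-length buffer falls through to `d2i_X509` and fails there with its own warning, which looks intended but is worth stating in the comment. cert_parse_inner's body continues outside the hunk.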


@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.78 2021/10/26 10:52:49 claudio Exp $ */
/* $OpenBSD: extern.h,v 1.79 2021/10/26 13:31:05 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -403,8 +403,10 @@ struct tal *tal_read(struct ibuf *);
void cert_buffer(struct ibuf *, const struct cert *);
void cert_free(struct cert *);
struct cert *cert_parse(X509 **, const char *);
struct cert *ta_parse(X509 **, const char *, const unsigned char *, size_t);
struct cert *cert_parse(X509 **, const char *, const unsigned char *,
size_t);
struct cert *ta_parse(X509 **, const char *, const unsigned char *, size_t,
const unsigned char *, size_t);
struct cert *cert_read(struct ibuf *);
void cert_insert_brks(struct brk_tree *, struct cert *);


@ -1,4 +1,4 @@
/* $OpenBSD: parser.c,v 1.18 2021/10/26 10:52:50 claudio Exp $ */
/* $OpenBSD: parser.c,v 1.19 2021/10/26 13:31:05 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@ -191,7 +191,8 @@ proc_parser_mft(struct entity *entp, const unsigned char *der, size_t len)
* parse failure.
*/
static struct cert *
proc_parser_cert(const struct entity *entp)
proc_parser_cert(const struct entity *entp, const unsigned char *der,
size_t len)
{
struct cert *cert;
X509 *x509;
@ -204,7 +205,7 @@ proc_parser_cert(const struct entity *entp)
/* Extract certificate data and X509. */
cert = cert_parse(&x509, entp->file);
cert = cert_parse(&x509, entp->file, der, len);
if (cert == NULL)
return NULL;
@ -282,7 +283,8 @@ proc_parser_cert(const struct entity *entp)
* parse failure.
*/
static struct cert *
proc_parser_root_cert(const struct entity *entp)
proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
size_t len)
{
char subject[256];
ASN1_TIME *notBefore, *notAfter;
@ -296,7 +298,7 @@ proc_parser_root_cert(const struct entity *entp)
/* Extract certificate data and X509. */
cert = ta_parse(&x509, entp->file, entp->pkey, entp->pkeysz);
cert = ta_parse(&x509, entp->file, der, len, entp->pkey, entp->pkeysz);
if (cert == NULL)
return NULL;
@ -561,7 +563,7 @@ parse_entity(struct entityq *q, struct msgbuf *msgq)
io_simple_buffer(b, &entp->type, sizeof(entp->type));
f = NULL;
if (entp->type != RTYPE_TAL && entp->type != RTYPE_CER) {
if (entp->type != RTYPE_TAL) {
f = load_file(entp->file, &flen);
if (f == NULL)
warn("%s", entp->file);
@ -577,9 +579,9 @@ parse_entity(struct entityq *q, struct msgbuf *msgq)
break;
case RTYPE_CER:
if (entp->has_pkey)
cert = proc_parser_root_cert(entp);
cert = proc_parser_root_cert(entp, f, flen);
else
cert = proc_parser_cert(entp);
cert = proc_parser_cert(entp, f, flen);
c = (cert != NULL);
io_simple_buffer(b, &c, sizeof(int));
if (cert != NULL)
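Review bot: The new `der`/`len` parameters of `proc_parser_cert` and `proc_parser_root_cert` are not described in their function comments (which begin outside the hunks), and the calling convention is non-obvious: parse_entity now loads the file for RTYPE_CER as well and still passes `f` to them when `load_file` returned NULL after the `warn`, relying on the certificate parser to reject a NULL buffer. Add to each comment something like `der/len is the raw file content loaded by parse_entity; der may be NULL when loading failed, in which case NULL is returned without a second warning` so the NULL contract is visible at the call site. Whether `flen` holds a defined value on the `load_file` failure path cannot be seen from this hunk; if it is stale, only the NULL check downstream keeps it from being used. The bodies of all three functions run outside the hunks.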