author | Theo Buehler <tb@cvs.openbsd.org> | 2022-04-11 08:28:55 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-04-11 08:28:55 +0000 |
commit | 16d1c6e7b090d0d92e01f3d0d9c9fc2509de9175 (patch) | |
tree | 577c86c90624f7f02e6a125688e9db3b8b1114f2 /usr.sbin | |
parent | 4d0c7269384f22b7759e5aaa4abeea983cd75cad (diff) |
Merge sbgp_sia() and sbgp_sia_resource()
These two functions are now short and easy, so there's no need for a split.
Also, pull the .mft extension check out of sbgp_sia_resource_mft() and use
rtype_from_file_extension() instead.
ok claudio
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rpki-client/cert.c | 54 |
1 files changed, 19 insertions, 35 deletions
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 86927e89788..c33d9c0990e 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.64 2022/04/11 08:04:43 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.65 2022/04/11 08:28:54 tb Exp $ */
 /*
 * Copyright (c) 2021 Job Snijders <job@openbsd.org>
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -162,18 +162,12 @@ sbgp_sia_resource_mft(struct parse *p, const char *d, size_t dsz)
 return 0;
 }
- /* Make sure it's an MFT rsync address. */
+ /* Make sure it's an rsync address. */
 if (!valid_uri(d, dsz, "rsync://")) {
 warnx("%s: RFC 6487 section 4.8.8: bad MFT location", p->fn);
 return 0;
 }
- if (dsz < 4 || strcasecmp(d + dsz - 4, ".mft") != 0) {
- warnx("%s: RFC 6487 section 4.8.8: SIA: "
- "not an MFT file", p->fn);
- return 0;
- }
-
 if ((p->res->mft = strndup(d, dsz)) == NULL)
 err(1, NULL);
@@ -257,15 +251,28 @@ sbgp_sia_resource_entry(struct parse *p, ACCESS_DESCRIPTION *ad)
 }
 /*
- * Multiple locations as defined in RFC 6487, 4.8.8.1.
+ * Parse "Subject Information Access" extension, RFC 6487 4.8.8.
 * Returns zero on failure, non-zero on success.
 */
 static int
-sbgp_sia_resource(struct parse *p, AUTHORITY_INFO_ACCESS *sia)
+sbgp_sia(struct parse *p, X509_EXTENSION *ext)
 {
+ AUTHORITY_INFO_ACCESS *sia = NULL;
 ACCESS_DESCRIPTION *ad;
 int i, rc = 0;
+ if (X509_EXTENSION_get_critical(ext)) {
+ warnx("%s: RFC 6487 section 4.8.8: SIA: "
+ "extension not non-critical", p->fn);
+ goto out;
+ }
+
+ if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
+ cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
+ "failed extension parse", p->fn);
+ goto out;
+ }
+
 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(sia); i++) {
 ad = sk_ACCESS_DESCRIPTION_value(sia, i);
 if (!sbgp_sia_resource_entry(p, ad))
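Review bot: With the `.mft` suffix test removed, sbgp_sia_resource_mft() stores any URI that passes `valid_uri(d, dsz, "rsync://")` into `p->res->mft`, and nothing at the store site says that the file type is checked later. A short comment above the `strndup()` would keep a future caller from treating the stored value as a validated manifest name, for example `/* File extension is checked by sbgp_sia() after all entries are parsed. */`. The warning on the rsync path still reads "bad MFT location" although the comment above it now speaks only of an rsync address. The function begins and ends outside this hunk, so its header comment may need the same sentence.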
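Review bot: The header comment on the merged sbgp_sia() states only the return convention; it does not mention that the extension must be non-critical, nor that a zero return can leave `p->res` partly filled in, since entries appear to be stored while the loop runs and further checks follow it. I would add a line such as `* The extension must be non-critical; on failure p->res may hold partial SIA data.` The `out:` cleanup is outside this hunk, so the release of `sia` on the two new early `goto out` paths should be confirmed there.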
@@ -285,34 +292,11 @@ sbgp_sia_resource(struct parse *p, AUTHORITY_INFO_ACCESS *sia)
 goto out;
 }
- rc = 1;
- out:
- return rc;
-}
-
-/*
- * Parse "Subject Information Access" extension, RFC 6487 4.8.8.
- * Returns zero on failure, non-zero on success.
- */
-static int
-sbgp_sia(struct parse *p, X509_EXTENSION *ext)
-{
- AUTHORITY_INFO_ACCESS *sia = NULL;
- int rc = 0;
-
- if (X509_EXTENSION_get_critical(ext)) {
+ if (rtype_from_file_extension(p->res->mft) != RTYPE_MFT) {
 warnx("%s: RFC 6487 section 4.8.8: SIA: "
- "extension not non-critical", p->fn);
- goto out;
- }
-
- if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
- cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
- "failed extension parse", p->fn);
+ "not an MFT file", p->fn);
 goto out;
 }
- if (!sbgp_sia_resource(p, sia))
- goto out;
 rc = 1;
 out: |
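Review bot: `rtype_from_file_extension(p->res->mft)` is called on a pointer that, as far as this page shows, is set only in sbgp_sia_resource_mft(), so the call relies on a NULL check in the lines just above the hunk, which are not visible here. A one-line comment such as `/* p->res->mft was checked for NULL above. */` would record that ordering requirement for later edits. The removed test compared the suffix with `strcasecmp`; the helper's matching is not shown, so it is worth confirming that it is also case-insensitive and that an upper-case `.MFT` URI is still handled the same way. The function continues past `out:`, outside the hunk.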