summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2023-02-21 17:06:53 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-02-21 17:06:53 +0000
commitb75fc6730c39bfb8e749b49615d4bbb818681e17 (patch)
tree522459af9c660d04a515ac34f83be2a41293fd93 /usr.sbin
parent66d80ab52886d01db37eb25da19d734d9d5e0dc7 (diff)
rpki-client: refactor manifest/crl parsing a bit
Now that we always try to load the CRL from both locations, we can deal with loading the DER directly in proc_parser_mft_pre(), so shuffle the code around to accomplish that. This should make an upcoming diff by claudio a bit simpler. ok claudio
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/rpki-client/parser.c56
1 files changed, 27 insertions, 29 deletions
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 0d4fa9dafd7..ec95e7f83f1 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.83 2023/02/21 11:13:05 job Exp $ */
+/* $OpenBSD: parser.c,v 1.84 2023/02/21 17:06:52 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -213,12 +213,13 @@ proc_parser_mft_check(const char *fn, struct mft *p)
* Load the correct CRL using the info from the MFT.
*/
static struct crl *
-parse_load_crl_from_mft(struct entity *entp, struct mft *mft, enum location loc)
+parse_load_crl_from_mft(struct entity *entp, struct mft *mft)
{
struct crl *crl = NULL;
unsigned char *f = NULL;
char *fn = NULL;
size_t flen;
+ enum location loc = DIR_TEMP;
while (1) {
fn = parse_filepath(entp->repoid, entp->path, mft->crl, loc);
@@ -256,22 +257,36 @@ next:
* Return the mft on success or NULL on failure.
*/
static struct mft *
-proc_parser_mft_pre(char *file, const unsigned char *der, size_t len,
- struct entity *entp, enum location loc, struct crl **crl,
- const char **errstr)
+proc_parser_mft_pre(struct entity *entp, enum location loc, char **file,
+ struct crl **crl, const char **errstr)
{
struct mft *mft;
X509 *x509;
struct auth *a;
+ unsigned char *der;
+ size_t len;
*crl = NULL;
*errstr = NULL;
- if ((mft = mft_parse(&x509, file, der, len)) == NULL)
+
+ *file = parse_filepath(entp->repoid, entp->path, entp->file, loc);
+ if (*file == NULL)
return NULL;
- *crl = parse_load_crl_from_mft(entp, mft, loc);
- a = valid_ski_aki(file, &auths, mft->ski, mft->aki);
- if (!valid_x509(file, ctx, x509, a, *crl, errstr)) {
+ der = load_file(*file, &len);
+ if (der == NULL && errno != ENOENT)
+ warn("parse file %s", *file);
+
+ if ((mft = mft_parse(&x509, *file, der, len)) == NULL) {
+ free(der);
+ return NULL;
+ }
+ free(der);
+
+ *crl = parse_load_crl_from_mft(entp, mft);
+
+ a = valid_ski_aki(*file, &auths, mft->ski, mft->aki);
+ if (!valid_x509(*file, ctx, x509, a, *crl, errstr)) {
X509_free(x509);
mft_free(mft);
crl_free(*crl);
@@ -336,30 +351,13 @@ proc_parser_mft(struct entity *entp, struct mft **mp)
{
struct mft *mft1 = NULL, *mft2 = NULL;
struct crl *crl, *crl1 = NULL, *crl2 = NULL;
- char *f, *file, *file1, *file2;
+ char *file, *file1 = NULL, *file2 = NULL;
const char *err1, *err2;
- size_t flen;
*mp = NULL;
- file1 = parse_filepath(entp->repoid, entp->path, entp->file, DIR_VALID);
- file2 = parse_filepath(entp->repoid, entp->path, entp->file, DIR_TEMP);
- if (file1 != NULL) {
- f = load_file(file1, &flen);
- if (f == NULL && errno != ENOENT)
- warn("parse file %s", file1);
- mft1 = proc_parser_mft_pre(file1, f, flen, entp, DIR_TEMP,
- &crl1, &err1);
- free(f);
- }
- if (file2 != NULL) {
- f = load_file(file2, &flen);
- if (f == NULL && errno != ENOENT)
- warn("parse file %s", file2);
- mft2 = proc_parser_mft_pre(file2, f, flen, entp, DIR_TEMP,
- &crl2, &err2);
- free(f);
- }
+ mft1 = proc_parser_mft_pre(entp, DIR_VALID, &file1, &crl1, &err1);
+ mft2 = proc_parser_mft_pre(entp, DIR_TEMP, &file2, &crl2, &err2);
/* overload error from temp file if it is set */
if (mft1 == NULL && mft2 == NULL)