authorJob Snijders <job@cvs.openbsd.org>2023-06-07 10:46:35 +0000
committerJob Snijders <job@cvs.openbsd.org>2023-06-07 10:46:35 +0000
commit8e86cc83383301cf49d58ac4c671e43e1a449445 (patch)
tree855d579b5b012f8fa10033962109cd82c420a980 /usr.sbin
parentb09263fd5303ce046adbfdc0249dddbbe4f576ab (diff)
In anticipation of a bump of the ASPA eContent profile version, update
valid_econtent_version() to allow for non-zero versions. OK tb@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/rpki-client/aspa.c4
-rw-r--r--usr.sbin/rpki-client/extern.h5
-rw-r--r--usr.sbin/rpki-client/mft.c4
-rw-r--r--usr.sbin/rpki-client/roa.c4
-rw-r--r--usr.sbin/rpki-client/rsc.c4
-rw-r--r--usr.sbin/rpki-client/tak.c4
-rw-r--r--usr.sbin/rpki-client/validate.c20
7 files changed, 25 insertions, 20 deletions
diff --git a/usr.sbin/rpki-client/aspa.c b/usr.sbin/rpki-client/aspa.c
index 9f56abd26ec..1fdd3cb8484 100644
--- a/usr.sbin/rpki-client/aspa.c
+++ b/usr.sbin/rpki-client/aspa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aspa.c,v 1.17 2023/04/26 16:32:41 claudio Exp $ */
+/* $OpenBSD: aspa.c,v 1.18 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -161,7 +161,7 @@ aspa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- if (!valid_econtent_version(p->fn, aspa->version))
+ if (!valid_econtent_version(p->fn, aspa->version, 0))
goto out;
if (!as_id_parse(aspa->customerASID, &p->res->custasid)) {
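Review bot: The expected version is passed as a bare `0` here, and the same literal is repeated at the mft.c, roa.c, rsc.c and tak.c call sites, so nothing at the call site says what it means. Going by the validate.c change in this commit, an expected version of 0 accepts only an absent version field and rejects an explicitly encoded 0. A one-line comment above the call, e.g. `/* profile version 0: the version field must be omitted */`, would make the coming ASPA bump easier to review and keep the other parsers from being changed by accident. aspa_parse_econtent starts and ends outside this hunk.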
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index c3e3be89ce6..ec6c257e9b4 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.183 2023/05/30 16:02:28 job Exp $ */
+/* $OpenBSD: extern.h,v 1.184 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -690,7 +690,8 @@ int valid_origin(const char *, const char *);
int valid_x509(char *, X509_STORE_CTX *, X509 *, struct auth *,
struct crl *, const char **);
int valid_rsc(const char *, struct cert *, struct rsc *);
-int valid_econtent_version(const char *, const ASN1_INTEGER *);
+int valid_econtent_version(const char *, const ASN1_INTEGER *,
+ uint64_t);
int valid_aspa(const char *, struct cert *, struct aspa *);
int valid_geofeed(const char *, struct cert *, struct geofeed *);
int valid_uuid(const char *);
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index c7c27ba5b23..75ad639d8d3 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.93 2023/05/22 15:15:25 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.94 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -286,7 +286,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- if (!valid_econtent_version(p->fn, mft->version))
+ if (!valid_econtent_version(p->fn, mft->version, 0))
goto out;
p->res->seqnum = x509_convert_seqnum(p->fn, mft->manifestNumber);
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 206cd011932..0097b514fa3 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roa.c,v 1.67 2023/05/23 06:42:08 tb Exp $ */
+/* $OpenBSD: roa.c,v 1.68 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -119,7 +119,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- if (!valid_econtent_version(p->fn, roa->version))
+ if (!valid_econtent_version(p->fn, roa->version, 0))
goto out;
if (!as_id_parse(roa->asid, &p->res->asid)) {
diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c
index ef88470b7e0..4e9f491ca88 100644
--- a/usr.sbin/rpki-client/rsc.c
+++ b/usr.sbin/rpki-client/rsc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsc.c,v 1.25 2023/03/12 13:31:39 tb Exp $ */
+/* $OpenBSD: rsc.c,v 1.26 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com>
@@ -339,7 +339,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- if (!valid_econtent_version(p->fn, rsc->version))
+ if (!valid_econtent_version(p->fn, rsc->version, 0))
goto out;
resources = rsc->resources;
diff --git a/usr.sbin/rpki-client/tak.c b/usr.sbin/rpki-client/tak.c
index 85613ed7de1..4805fa0edd1 100644
--- a/usr.sbin/rpki-client/tak.c
+++ b/usr.sbin/rpki-client/tak.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tak.c,v 1.8 2023/03/12 11:46:35 tb Exp $ */
+/* $OpenBSD: tak.c,v 1.9 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -195,7 +195,7 @@ tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- if (!valid_econtent_version(fn, tak->version))
+ if (!valid_econtent_version(fn, tak->version, 0))
goto out;
p->res->current = parse_takey(fn, tak->current);
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index 69612a83900..3ed0f0372d8 100644
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: validate.c,v 1.63 2023/05/30 12:14:48 claudio Exp $ */
+/* $OpenBSD: validate.c,v 1.64 2023/06/07 10:46:34 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -514,11 +514,12 @@ valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
}
int
-valid_econtent_version(const char *fn, const ASN1_INTEGER *aint)
+valid_econtent_version(const char *fn, const ASN1_INTEGER *aint,
+ uint64_t expected)
{
uint64_t version;
- if (aint == NULL)
+ if (expected == 0 && aint == NULL)
return 1;
if (!ASN1_INTEGER_get_uint64(&version, aint)) {
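Review bot: With the new guard `if (expected == 0 && aint == NULL)`, an object that omits the version field while a non-zero version is expected falls through to `ASN1_INTEGER_get_uint64(&version, aint)` with a NULL `aint`. Rejection then depends on that library call failing cleanly on NULL, which is not visible in this diff and may differ between crypto libraries. The operator would also see a conversion-failure warning rather than a version mismatch. Since eContent is parsed from untrusted repository data, an explicit branch is safer: keep the early return and add `if (aint == NULL) { warnx("%s: version missing (expected %llu)", fn, (unsigned long long)expected); return 0; }` before the conversion. The function body continues in the next hunk.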
@@ -526,15 +527,18 @@ valid_econtent_version(const char *fn, const ASN1_INTEGER *aint)
return 0;
}
- switch (version) {
- case 0:
+ if (version == 0) {
warnx("%s: incorrect encoding for version 0", fn);
return 0;
- default:
- warnx("%s: version %llu not supported (yet)", fn,
- (unsigned long long)version);
+ }
+
+ if (version != expected) {
+ warnx("%s: unexpected version (expected %llu, got %llu)", fn,
+ (unsigned long long)expected, (unsigned long long)version);
return 0;
}
+
+ return 1;
}
/*