-rw-r--r-- | usr.sbin/rpki-client/crl.c | 44 | ||||
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 6 | ||||
-rw-r--r-- | usr.sbin/rpki-client/parser.c | 45 |
3 files changed, 46 insertions, 49 deletions
diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index 5bd548526f3..52324e03ac8 100644
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl.c,v 1.11 2021/10/26 10:52:49 claudio Exp $ */
+/* $OpenBSD: crl.c,v 1.12 2022/02/08 11:51:51 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -28,28 +28,52 @@
 #include "extern.h"
-X509_CRL *
+struct crl *
 crl_parse(const char *fn, const unsigned char *der, size_t len)
 {
+ struct crl *crl;
+ const ASN1_TIME *at;
+ struct tm expires_tm;
 int rc = 0;
- X509_CRL *x = NULL;
 /* just fail for empty buffers, the warning was printed elsewhere */
 if (der == NULL)
 return NULL;
- if ((x = d2i_X509_CRL(NULL, &der, len)) == NULL) {
+ if ((crl = calloc(1, sizeof(*crl))) == NULL)
+ err(1, NULL);
+
+ if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) {
 cryptowarnx("%s: d2i_X509_CRL", fn);
 goto out;
 }
+ if ((crl->aki = x509_crl_get_aki(crl->x509_crl, fn)) == NULL) {
+ warnx("x509_crl_get_aki failed");
+ goto out;
+ }
+
+ /* extract expire time for later use */
+ at = X509_CRL_get0_nextUpdate(crl->x509_crl);
+ if (at == NULL) {
+ warnx("%s: X509_CRL_get0_nextUpdate failed", fn);
+ goto out;
+ }
+ memset(&expires_tm, 0, sizeof(expires_tm));
+ if (ASN1_time_parse(at->data, at->length, &expires_tm, 0) == -1) {
+ warnx("%s: ASN1_time_parse failed", fn);
+ goto out;
+ }
+ if ((crl->expires = mktime(&expires_tm)) == -1)
+ errx(1, "%s: mktime failed", fn);
+
 rc = 1;
-out:
+ out:
 if (rc == 0) {
- X509_CRL_free(x);
- x = NULL;
+ crl_free(crl);
+ crl = NULL;
 }
- return x;
+ return crl;
 }
 static inline int
@@ -61,8 +85,10 @@ crlcmp(struct crl *a, struct crl *b)
 RB_GENERATE(crl_tree, crl, entry, crlcmp);
 void
-free_crl(struct crl *crl)
+crl_free(struct crl *crl)
 {
+ if (crl == NULL)
+ return;
 free(crl->aki);
 X509_CRL_free(crl->x509_crl);
 free(crl);
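Review bot: The `errx(1, ...)` taken when `mktime()` returns -1 makes crl_parse() terminate the whole process on a value derived from the CRL's nextUpdate field, while every other parse failure in this function goes to `out` and rejects only that CRL. Since the DER buffer is external input, handling it like its neighbours would be safer: `warnx("%s: mktime failed", fn); goto out;` (crl_free() already copes with the partly filled struct). Separately, `mktime()` reads `expires_tm` as local time whereas ASN.1 times are UTC, so unless the process is known to run with a UTC timezone (not visible in this hunk) `timegm()` is the matching conversion. The `warnx("x509_crl_get_aki failed")` line also omits `fn`, unlike the other warnings here, which makes the rejected file harder to identify in logs.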
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 28f64dae957..079c4e92336 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.116 2022/01/28 15:30:23 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.117 2022/02/08 11:51:51 tb Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -447,8 +447,8 @@ struct gbr *gbr_parse(X509 **, const char *, const unsigned char *,
 size_t);
 /* crl.c */
-X509_CRL *crl_parse(const char *, const unsigned char *, size_t);
-void free_crl(struct crl *);
+struct crl *crl_parse(const char *, const unsigned char *, size_t);
+void crl_free(struct crl *);
 /* Validation of our objects. */
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 2fdaba39724..53f936771d4 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.60 2022/02/04 16:29:43 tb Exp $ */
+/* $OpenBSD: parser.c,v 1.61 2022/02/08 11:51:51 tb Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -530,45 +530,16 @@ proc_parser_root_cert(char *file, const unsigned char *der, size_t len,
 static void
 proc_parser_crl(char *file, const unsigned char *der, size_t len)
 {
- X509_CRL *x509_crl;
- struct crl *crl;
- const ASN1_TIME *at;
- struct tm expires_tm;
-
- if ((x509_crl = crl_parse(file, der, len)) != NULL) {
- if ((crl = malloc(sizeof(*crl))) == NULL)
- err(1, NULL);
- if ((crl->aki = x509_crl_get_aki(x509_crl, file)) == NULL) {
- warnx("x509_crl_get_aki failed");
- goto err;
- }
-
- crl->x509_crl = x509_crl;
+ struct crl *crl;
- /* extract expire time for later use */
- at = X509_CRL_get0_nextUpdate(x509_crl);
- if (at == NULL) {
- warnx("%s: X509_CRL_get0_nextUpdate failed", file);
- goto err;
- }
- memset(&expires_tm, 0, sizeof(expires_tm));
- if (ASN1_time_parse(at->data, at->length, &expires_tm,
- 0) == -1) {
- warnx("%s: ASN1_time_parse failed", file);
- goto err;
- }
- if ((crl->expires = mktime(&expires_tm)) == -1)
- errx(1, "%s: mktime failed", file);
+ if ((crl = crl_parse(file, der, len)) == NULL)
+ return;
- if (RB_INSERT(crl_tree, &crlt, crl) != NULL) {
- if (!filemode)
- warnx("%s: duplicate AKI %s", file, crl->aki);
- goto err;
- }
+ if (RB_INSERT(crl_tree, &crlt, crl) != NULL) {
+ if (!filemode)
+ warnx("%s: duplicate AKI %s", file, crl->aki);
+ crl_free(crl);
 }
- return;
- err:
- free_crl(crl);
 }
 /* |
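Review bot: In `proc_parser_crl()` a CRL whose AKI is already present in `crlt` is freed and the earlier entry is kept, without comparing the two and, when `filemode` is set, without any diagnostic. If the same AKI can arrive more than once (not visible in this hunk), the tree may end up holding the older revocation list, so the policy deserves a comment at the insert, e.g. `/* first CRL seen for an AKI wins; later duplicates are dropped */`. If that is not the intended policy, comparing `crl->expires` of the two entries before discarding one would make the choice explicit.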