-rw-r--r--usr.sbin/rpki-client/Makefile9
-rw-r--r--usr.sbin/rpki-client/encoding.c88
-rw-r--r--usr.sbin/rpki-client/extern.h9
-rw-r--r--usr.sbin/rpki-client/tal.c39
-rw-r--r--usr.sbin/rpki-client/x509.c26
5 files changed, 103 insertions, 68 deletions
diff --git a/usr.sbin/rpki-client/Makefile b/usr.sbin/rpki-client/Makefile
index 16713b946ca..9d17b18351c 100644
--- a/usr.sbin/rpki-client/Makefile
+++ b/usr.sbin/rpki-client/Makefile
@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.19 2021/03/04 13:01:41 claudio Exp $
+# $OpenBSD: Makefile,v 1.20 2021/04/01 06:43:23 claudio Exp $
PROG= rpki-client
-SRCS= as.c cert.c cms.c crl.c gbr.c http.c io.c ip.c log.c main.c mft.c \
- mkdir.c output.c output-bgpd.c output-bird.c output-csv.c \
- output-json.c parser.c roa.c rsync.c tal.c validate.c x509.c
+SRCS= as.c cert.c cms.c crl.c encoding.c gbr.c http.c io.c ip.c log.c \
+ main.c mft.c mkdir.c output.c output-bgpd.c output-bird.c \
+ output-csv.c output-json.c parser.c roa.c rsync.c tal.c validate.c \
+ x509.c
MAN= rpki-client.8
LDADD+= -ltls -lssl -lcrypto -lutil
diff --git a/usr.sbin/rpki-client/encoding.c b/usr.sbin/rpki-client/encoding.c
new file mode 100644
index 00000000000..4afe7946183
--- /dev/null
+++ b/usr.sbin/rpki-client/encoding.c
@@ -0,0 +1,88 @@
+/* $OpenBSD: encoding.c,v 1.1 2021/04/01 06:43:23 claudio Exp $ */
+/*
+ * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <err.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+
+#include "extern.h"
+
+/*
+ * Decode base64 encoded string into binary buffer returned in out.
+ * The out buffer size is stored in outlen.
+ * Returns 0 on success or -1 for any errors.
+ */
+int
+base64_decode(const unsigned char *in, unsigned char **out, size_t *outlen)
+{
+ static EVP_ENCODE_CTX *ctx;
+ unsigned char *to;
+ size_t inlen;
+ int tolen;
+
+ if (ctx == NULL && (ctx = EVP_ENCODE_CTX_new()) == NULL)
+ err(1, "EVP_ENCODE_CTX_new");
+
+ *out = NULL;
+ *outlen = 0;
+
+ inlen = strlen(in);
+ if (inlen >= INT_MAX - 3)
+ return -1;
+ tolen = ((inlen + 3) / 4) * 3 + 1;
+ if ((to = malloc(tolen)) == NULL)
+ return -1;
+
+ EVP_DecodeInit(ctx);
+ if (EVP_DecodeUpdate(ctx, to, &tolen, in, inlen) == -1)
+ goto fail;
+ *outlen = tolen;
+ if (EVP_DecodeFinal(ctx, to + tolen, &tolen) == -1)
+ goto fail;
+ *outlen += tolen;
+ *out = to;
+ return 0;
+
+fail:
+ free(to);
+ return -1;
+}
+
+/*
+ * Convert binary buffer of size dsz into an upper-case hex-string.
+ * Returns pointer to the newly allocated string. Function can't fail.
+ */
+char *
+hex_encode(const unsigned char *in, size_t insz)
+{
+ const char hex[] = "0123456789ABCDEF";
+ size_t i;
+ char *out;
+
+ if ((out = calloc(2, insz + 1)) == NULL)
+ err(1, NULL);
+
+ for (i = 0; i < insz; i++) {
+ out[i * 2] = hex[in[i] >> 4];
+ out[i * 2 + 1] = hex[in[i] & 0xf];
+ }
+ out[i * 2] = '\0';
+
+ return out;
+}
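Review bot: With `base64_decode` now exported from encoding.c, its header comment should state the contract that callers in other files cannot read off the prototype: the input length is taken with `strlen(in)`, so `in` has to be NUL-terminated, and the buffer stored in `*out` comes from `malloc` and is left for the caller to free. I would add `* in must be a NUL-terminated string; the caller must free(*out) on success.` to that comment, and consider passing the input length explicitly if callers holding length-delimited data are expected. The line `Returns 0 on success or -1 for any errors` is also not quite accurate, because a failed `EVP_ENCODE_CTX_new()` ends the process through `err(1, ...)` rather than returning. In the `hex_encode` comment, `dsz` should read `insz` to match the parameter name.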
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index d3205f11568..ffe48b2dea9 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.59 2021/03/29 12:41:34 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.60 2021/04/01 06:43:23 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -419,6 +419,13 @@ void cryptoerrx(const char *, ...)
__attribute__((format(printf, 1, 2)))
__attribute__((noreturn));
+/* Encoding functions for hex and base64. */
+
+int base64_decode(const unsigned char *, unsigned char **,
+ size_t *);
+char *hex_encode(const unsigned char *, size_t);
+
+
/* Functions for moving data between processes. */
void io_socket_blocking(int);
diff --git a/usr.sbin/rpki-client/tal.c b/usr.sbin/rpki-client/tal.c
index e5a8674774a..1ce936e1c8c 100644
--- a/usr.sbin/rpki-client/tal.c
+++ b/usr.sbin/rpki-client/tal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tal.c,v 1.29 2021/03/25 09:27:38 claudio Exp $ */
+/* $OpenBSD: tal.c,v 1.30 2021/04/01 06:43:23 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -19,7 +19,6 @@
#include <assert.h>
#include <ctype.h>
#include <err.h>
-#include <limits.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
@@ -28,42 +27,6 @@
#include "extern.h"
static int
-base64_decode(const unsigned char *in, unsigned char **out, size_t *outlen)
-{
- static EVP_ENCODE_CTX *ctx;
- unsigned char *to;
- size_t inlen;
- int tolen;
-
- if (ctx == NULL && (ctx = EVP_ENCODE_CTX_new()) == NULL)
- err(1, "EVP_ENCODE_CTX_new");
-
- *out = NULL;
- *outlen = 0;
-
- inlen = strlen(in);
- if (inlen >= INT_MAX - 3)
- return -1;
- tolen = ((inlen + 3) / 4) * 3 + 1;
- if ((to = malloc(tolen)) == NULL)
- return -1;
-
- EVP_DecodeInit(ctx);
- if (EVP_DecodeUpdate(ctx, to, &tolen, in, inlen) == -1)
- goto fail;
- *outlen = tolen;
- if (EVP_DecodeFinal(ctx, to + tolen, &tolen) == -1)
- goto fail;
- *outlen += tolen;
- *out = to;
- return 0;
-
-fail:
- free(to);
- return -1;
-}
-
-static int
tal_cmp(const void *a, const void *b)
{
char * const *sa = a;
diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 59c355c1b1d..385f1ace68d 100644
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.20 2021/03/29 12:41:35 claudio Exp $ */
+/* $OpenBSD: x509.c,v 1.21 2021/04/01 06:43:23 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -20,7 +20,6 @@
#include <assert.h>
#include <err.h>
#include <stdarg.h>
-#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -30,29 +29,6 @@
#include "extern.h"
/*
- * Convert binary buffer of size dsz into an upper-case hex-string.
- * Returns pointer to the newly allocated string. Function can't fail.
- */
-char *
-hex_encode(const unsigned char *in, size_t insz)
-{
- const char hex[] = "0123456789ABCDEF";
- size_t i;
- char *out;
-
- if ((out = calloc(2, insz + 1)) == NULL)
- err(1, NULL);
-
- for (i = 0; i < insz; i++) {
- out[i * 2] = hex[in[i] >> 4];
- out[i * 2 + 1] = hex[in[i] & 0xf];
- }
- out[i * 2] = '\0';
-
- return out;
-}
-
-/*
* Parse X509v3 authority key identifier (AKI), RFC 6487 sec. 4.8.3.
* Returns the AKI or NULL if it could not be parsed.
* The AKI is formatted as a hex string.