diff options
Diffstat (limited to 'usr.sbin/rpki-client/mft.c')
-rw-r--r-- | usr.sbin/rpki-client/mft.c | 45 |
1 files changed, 40 insertions, 5 deletions
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c index f857cdb657a..bfa8b71b3fc 100644 --- a/usr.sbin/rpki-client/mft.c +++ b/usr.sbin/rpki-client/mft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mft.c,v 1.46 2022/01/18 13:06:43 claudio Exp $ */ +/* $OpenBSD: mft.c,v 1.47 2022/01/18 16:18:22 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -403,9 +403,8 @@ out: /* * Parse the objects that have been published in the manifest. * This conforms to RFC 6486. - * Note that if the MFT is stale, all referenced objects are stripped - * from the parsed content. - * The MFT content is otherwise returned. + * On success the MFT content is returned. Stale MFTs only set + * the stale flag and returned like valid MFTs. */ struct mft * mft_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len) @@ -418,7 +417,7 @@ mft_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len) memset(&p, 0, sizeof(struct parse)); p.fn = fn; - cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz); + cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz, 0); if (cms == NULL) return NULL; assert(*x509 != NULL); @@ -532,3 +531,39 @@ mft_read(struct ibuf *b) return p; } + +/* + * Compare two MFT files, returns 1 if first MFT is better and 0 if second + * should be used. + */ +int +mft_compare(const struct mft *a, const struct mft *b) +{ + BIGNUM *abn = NULL, *bbn = NULL; + int r; + + if (a == NULL) + return 0; + if (b == NULL) + return 1; + +warnx("%s: seq a %s, seq b %s", __func__, a->seqnum, b->seqnum); + BN_hex2bn(&abn, a->seqnum); + BN_hex2bn(&bbn, b->seqnum); + + r = BN_cmp(abn, bbn); + BN_free(abn); + BN_free(bbn); + + if (r <= 0) + return 0; + +warnx("%s: prefer b", __func__); + /* + * Equal sequence numbers should not happen for different content. + * In this case we prefer the newer MFT. It seems some CA update + * the EE cert and timestamps without issuing a new serial. + * This is bad bad bad bad bad. + */ + return 1; +} |