Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r-- | usr.sbin/rpki-client/cert.c | 31 | ||||
-rw-r--r-- | usr.sbin/rpki-client/extern.h | 19 | ||||
-rw-r--r-- | usr.sbin/rpki-client/main.c | 59 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output-csv.c | 5 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output-json.c | 32 | ||||
-rw-r--r-- | usr.sbin/rpki-client/output.c | 29 | ||||
-rw-r--r-- | usr.sbin/rpki-client/parser.c | 9 | ||||
-rw-r--r-- | usr.sbin/rpki-client/roa.c | 35 | ||||
-rw-r--r-- | usr.sbin/rpki-client/tal.c | 8 | ||||
-rw-r--r-- | usr.sbin/rpki-client/validate.c | 5 |
10 files changed, 121 insertions, 111 deletions
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index e1d395b836b..c2fae97685e 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.45 2021/11/02 19:30:30 claudio Exp $ */
+/* $OpenBSD: cert.c,v 1.46 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2021 Job Snijders <job@openbsd.org>
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -1220,7 +1220,6 @@ cert_free(struct cert *p)
 free(p->aia);
 free(p->aki);
 free(p->ski);
- free(p->tal);
 free(p->pubkey);
 X509_free(p->x509);
 free(p);
@@ -1263,13 +1262,14 @@ cert_buffer(struct ibuf *b, const struct cert *p)
 {
 size_t i;
- io_simple_buffer(b, &p->expires, sizeof(time_t));
- io_simple_buffer(b, &p->purpose, sizeof(enum cert_purpose));
- io_simple_buffer(b, &p->ipsz, sizeof(size_t));
+ io_simple_buffer(b, &p->expires, sizeof(p->expires));
+ io_simple_buffer(b, &p->purpose, sizeof(p->purpose));
+ io_simple_buffer(b, &p->talid, sizeof(p->talid));
+ io_simple_buffer(b, &p->ipsz, sizeof(p->ipsz));
 for (i = 0; i < p->ipsz; i++)
 cert_ip_buffer(b, &p->ips[i]);
- io_simple_buffer(b, &p->asz, sizeof(size_t));
+ io_simple_buffer(b, &p->asz, sizeof(p->asz));
 for (i = 0; i < p->asz; i++)
 cert_as_buffer(b, &p->as[i]);
 io_str_buffer(b, p->mft);
@@ -1279,7 +1279,6 @@ cert_buffer(struct ibuf *b, const struct cert *p)
 io_str_buffer(b, p->aia);
 io_str_buffer(b, p->aki);
 io_str_buffer(b, p->ski);
- io_str_buffer(b, p->tal);
 io_str_buffer(b, p->pubkey);
 }
@@ -1325,9 +1324,10 @@ cert_read(struct ibuf *b)
 if ((p = calloc(1, sizeof(struct cert))) == NULL)
 err(1, NULL);
- io_read_buf(b, &p->expires, sizeof(time_t));
- io_read_buf(b, &p->purpose, sizeof(enum cert_purpose));
- io_read_buf(b, &p->ipsz, sizeof(size_t));
+ io_read_buf(b, &p->expires, sizeof(p->expires));
+ io_read_buf(b, &p->purpose, sizeof(p->purpose));
+ io_read_buf(b, &p->talid, sizeof(p->talid));
+ io_read_buf(b, &p->ipsz, sizeof(p->ipsz));
 p->ips = calloc(p->ipsz, sizeof(struct cert_ip));
 if (p->ips == NULL)
@@ -1335,7 +1335,7 @@ cert_read(struct ibuf *b)
 for (i = 0; i < p->ipsz; i++)
 cert_ip_read(b, &p->ips[i]);
- io_read_buf(b, &p->asz, sizeof(size_t));
+ io_read_buf(b, &p->asz, sizeof(p->asz));
 p->as = calloc(p->asz, sizeof(struct cert_as));
 if (p->as == NULL)
 err(1, NULL);
@@ -1349,7 +1349,6 @@ cert_read(struct ibuf *b)
 io_read_str(b, &p->aia);
 io_read_str(b, &p->aki);
 io_read_str(b, &p->ski);
- io_read_str(b, &p->tal);
 io_read_str(b, &p->pubkey);
 assert(p->mft != NULL || p->purpose == CERT_PURPOSE_BGPSEC_ROUTER);
@@ -1406,8 +1405,7 @@ insert_brk(struct brk_tree *tree, struct cert *cert, int asid)
 b->asid = asid;
 b->expires = cert->expires;
- if ((b->tal = strdup(cert->tal)) == NULL)
- err(1, NULL);
+ b->talid = cert->talid;
 if ((b->ski = strdup(cert->ski)) == NULL)
 err(1, NULL);
 if ((b->pubkey = strdup(cert->pubkey)) == NULL)
@@ -1420,13 +1418,10 @@ insert_brk(struct brk_tree *tree, struct cert *cert, int asid)
 if ((found = RB_INSERT(brk_tree, tree, b)) != NULL) {
 if (found->expires < b->expires) {
 found->expires = b->expires;
- free(found->tal);
- found->tal = b->tal;
- b->tal = NULL;
+ found->talid = b->talid;
 }
 free(b->ski);
 free(b->pubkey);
- free(b->tal);
 free(b);
 }
 }
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 084bd2085c9..c47c6e85677 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
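Review bot: The `talid` that cert_read now pulls from the ibuf is later used as an array index (`taldescs[b->talid]` in output-json.c, `taldescs[v->talid]` in output-csv.c) but is never range-checked, whereas the string it replaces could at worst be NULL. The value crosses the process boundary from the parser, so a defensive check next to the new `io_read_buf` line keeps a corrupt message from indexing outside `tals[]`/`taldescs[]`: `if (p->talid < 0 || (size_t)p->talid >= talsz) errx(1, "invalid TAL id %d", p->talid);`. The same gap exists in roa_read (hunk `@@ -455,10 +454,11 @@` in roa.c) and in tal_read (hunk `@@ -237,9 +238,10 @@` in tal.c), whose `id` is used directly as `taldescs[tal->id]` in queue_add_from_tal. This assumes these readers run in the process where `talsz` is populated, which the hunks do not show.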
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.90 2021/11/03 14:59:37 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.91 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -118,6 +118,7 @@ struct cert {
 size_t ipsz; /* length of "ips" */
 struct cert_as *as; /* list of AS numbers and ranges */
 size_t asz; /* length of "asz" */
+ int talid; /* cert is covered by which TAL */
 char *repo; /* CA repository (rsync:// uri) */
 char *mft; /* manifest (rsync:// uri) */
 char *notify; /* RRDP notify (https:// uri) */
@@ -125,8 +126,7 @@ struct cert {
 char *aia; /* AIA (or NULL, for trust anchor) */
 char *aki; /* AKI (or NULL, for trust anchor) */
 char *ski; /* SKI */
- char *tal; /* basename of TAL for this cert */
- enum cert_purpose purpose; /* Certificate Purpose (BGPSec or CA) */
+ enum cert_purpose purpose; /* BGPSec or CA */
 char *pubkey; /* Subject Public Key Info */
 X509 *x509; /* the cert */
 time_t expires; /* do not use after */
@@ -145,6 +145,7 @@ struct tal {
 unsigned char *pkey; /* DER-encoded public key */
 size_t pkeysz; /* length of pkey */
 char *descr; /* basename of tal file */
+ int id; /* ID of this TAL */
 };
 /*
@@ -192,11 +193,11 @@ struct roa {
 uint32_t asid; /* asID of ROA (if 0, RFC 6483 sec 4) */
 struct roa_ip *ips; /* IP prefixes */
 size_t ipsz; /* number of IP prefixes */
+ int talid; /* ROAs are covered by which TAL */
 int valid; /* validated resources */
 char *aia; /* AIA */
 char *aki; /* AKI */
 char *ski; /* SKI */
- char *tal; /* basename of TAL for this cert */
 time_t expires; /* do not use after */
 };
@@ -216,8 +217,8 @@ struct gbr {
 struct vrp {
 RB_ENTRY(vrp) entry;
 struct ip_addr addr;
+ int talid; /* covered by which TAL */
 uint32_t asid;
- char *tal; /* basename of TAL for this cert */
 enum afi afi;
 unsigned char maxlength;
 time_t expires; /* transitive expiry moment */
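Review bot: The new field comments (`/* cert is covered by which TAL */`, `/* ROAs are covered by which TAL */`, `/* covered by which TAL */`) do not say what the integer indexes, which is exactly what a reader of output-csv.c or output-json.c needs when they meet `taldescs[v->talid]`. Suggest `int talid; /* index into tals[]/taldescs[] of the covering TAL */` for struct cert here, with the same wording for struct roa and struct vrp on this line and for struct brk in the next hunk. For struct entity (hunk `@@ -340,7 +341,7 @@`) the comment should also record the `-1` that main.c's queue_add_from_mft and queue_add_from_cert pass, e.g. `int talid; /* index into tals[], or -1 when queued from a manifest */`. The `extern const char *tals[]` / `taldescs[]` / `talsz` declarations added at the end of extern.h would benefit from a one-line comment stating that `talsz` is the count of populated entries and that both arrays are sized TALSZ_MAX in main.c.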
@@ -234,7 +235,7 @@ RB_PROTOTYPE(vrp_tree, vrp, entry, vrpcmp);
 struct brk {
 RB_ENTRY(brk) entry;
 uint32_t asid;
- char *tal; /* basename of TAL for this key */
+ int talid; /* covered by which TAL */
 char *ski; /* Subject Key Identifier */
 char *pubkey; /* Subject Public Key Info */
 time_t expires; /* transitive expiry moment */
@@ -340,7 +341,7 @@ struct entity {
 int has_data; /* whether data blob is specified */
 unsigned char *data; /* optional data blob */
 size_t datasz; /* length of optional data blob */
- char *descr; /* tal description */
+ int talid; /* tal identifier */
 TAILQ_ENTRY(entity) entries;
 };
 TAILQ_HEAD(entityq, entity);
@@ -377,7 +378,6 @@ struct stats {
 size_t del_files; /* number of files removed in cleanup */
 size_t del_dirs; /* number of directories removed in cleanup */
 size_t brks; /* number of BGPsec Router Key (BRK) certificates */
- char *talnames;
 struct timeval elapsed_time;
 struct timeval user_time;
 struct timeval system_time;
@@ -388,6 +388,9 @@ struct msgbuf;
 /* global variables */
 extern int verbose;
+extern const char *tals[];
+extern const char *taldescs[];
+extern size_t talsz;
 /* Routines for RPKI entities. */
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index f05a4d01e3f..0da458ebf52 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.160 2021/11/01 17:00:34 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.161 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -49,6 +49,10 @@
 */
 #define TALSZ_MAX 8
+const char *tals[TALSZ_MAX];
+const char *taldescs[TALSZ_MAX];
+size_t talsz;
+
 size_t entity_queue;
 int timeout = 60*60;
 volatile sig_atomic_t killme;
@@ -90,7 +94,6 @@ entity_free(struct entity *ent)
 free(ent->data);
 free(ent->file);
- free(ent->descr);
 free(ent);
 }
@@ -103,8 +106,8 @@ void
 entity_read_req(struct ibuf *b, struct entity *ent)
 {
 io_read_buf(b, &ent->type, sizeof(ent->type));
+ io_read_buf(b, &ent->talid, sizeof(ent->talid));
 io_read_str(b, &ent->file);
- io_read_str(b, &ent->descr);
 io_read_buf(b, &ent->has_data, sizeof(ent->has_data));
 if (ent->has_data)
 io_read_buf_alloc(b, (void **)&ent->data, &ent->datasz);
@@ -127,8 +130,8 @@ entity_write_req(const struct entity *ent)
 b = io_new_buffer();
 io_simple_buffer(b, &ent->type, sizeof(ent->type));
+ io_simple_buffer(b, &ent->talid, sizeof(ent->talid));
 io_str_buffer(b, ent->file);
- io_str_buffer(b, ent->descr);
 io_simple_buffer(b, &ent->has_data, sizeof(int));
 if (ent->has_data)
 io_buf_buffer(b, ent->data, ent->datasz);
@@ -169,7 +172,7 @@ entityq_flush(struct entityq *q, struct repo *rp)
 */
 static void
 entityq_add(char *file, enum rtype type, struct repo *rp,
- unsigned char *data, size_t datasz, char *descr)
+ unsigned char *data, size_t datasz, int talid)
 {
 struct entity *p;
@@ -177,15 +180,13 @@ entityq_add(char *file, enum rtype type, struct repo *rp,
 err(1, NULL);
 p->type = type;
+ p->talid = talid;
 p->file = file;
 p->has_data = data != NULL;
 if (p->has_data) {
 p->data = data;
 p->datasz = datasz;
 }
- if (descr != NULL)
- if ((p->descr = strdup(descr)) == NULL)
- err(1, NULL);
 entity_queue++;
@@ -336,7 +337,7 @@ queue_add_from_mft(const char *mft, const struct mftfile *file, enum rtype type)
 * that the repository has already been loaded.
 */
- entityq_add(nfile, type, NULL, NULL, 0, NULL);
+ entityq_add(nfile, type, NULL, NULL, 0, -1);
 }
 /*
@@ -384,7 +385,7 @@ queue_add_from_mft_set(const struct mft *mft)
 * Add a local TAL file (RFC 7730) to the queue of files to fetch.
 */
 static void
-queue_add_tal(const char *file)
+queue_add_tal(const char *file, int id)
 {
 unsigned char *buf;
 char *nfile;
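Review bot: The comment block above entityq_add (only its closing `*/` is inside the hunk; the body is outside) is not updated for the new `talid` parameter, whose `-1` convention is discoverable only by reading the callers queue_add_from_mft and queue_add_from_cert. Suggest adding to that comment: ` * "talid" is the index into tals[] for TAL and trust-anchor entities, or -1 for entities found through a manifest.` The same applies to queue_add_tal, whose comment ("Add a local TAL file (RFC 7730) to the queue of files to fetch.") could state that `id` is the position of "file" in tals[]. As a minor point of style, the new `io_simple_buffer(b, &ent->talid, sizeof(ent->talid))` line in entity_write_req sits directly above the unchanged `sizeof(int)` for has_data; the commit converts such sizeofs to the field form elsewhere, so this one could follow.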
@@ -398,21 +399,8 @@ queue_add_tal(const char *file)
 return;
 }
- /* Record tal for later reporting */
- if (stats.talnames == NULL) {
- if ((stats.talnames = strdup(file)) == NULL)
- err(1, NULL);
- } else {
- char *tmp;
-
- if (asprintf(&tmp, "%s %s", stats.talnames, file) == -1)
- err(1, NULL);
- free(stats.talnames);
- stats.talnames = tmp;
- }
-
 /* Not in a repository, so directly add to queue. */
- entityq_add(nfile, RTYPE_TAL, NULL, buf, len, NULL);
+ entityq_add(nfile, RTYPE_TAL, NULL, buf, len, id);
 }
 /*
@@ -426,6 +414,9 @@ queue_add_from_tal(struct tal *tal)
 assert(tal->urisz);
+ if ((taldescs[tal->id] = strdup(tal->descr)) == NULL)
+ err(1, NULL);
+
 /* Look up the repository. */
 repo = ta_lookup(tal);
@@ -433,7 +424,7 @@ queue_add_from_tal(struct tal *tal)
 data = tal->pkey;
 tal->pkey = NULL;
 entityq_add(NULL, RTYPE_CER, repo, data,
- tal->pkeysz, tal->descr);
+ tal->pkeysz, tal->id);
 }
 /*
@@ -453,7 +444,7 @@ queue_add_from_cert(const struct cert *cert)
 if ((nfile = strdup(cert->mft)) == NULL)
 err(1, NULL);
- entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, NULL);
+ entityq_add(nfile, RTYPE_MFT, repo, NULL, 0, -1);
 }
 /*
@@ -609,7 +600,7 @@ rrdp_process(struct ibuf *b)
 * Don't exceded "max" filenames.
 */
 static size_t
-tal_load_default(const char *tals[], size_t max)
+tal_load_default(void)
 {
 static const char *confdir = "/etc/rpki";
 size_t s = 0;
@@ -623,7 +614,7 @@ tal_load_default(const char *tals[], size_t max)
 while ((dp = readdir(dirp)) != NULL) {
 if (fnmatch("*.tal", dp->d_name, FNM_PERIOD) == FNM_NOMATCH)
 continue;
- if (s >= max)
+ if (s >= TALSZ_MAX)
 err(1, "too many tal files found in %s", confdir);
 if (asprintf(&path, "%s/%s", confdir, dp->d_name) == -1)
@@ -672,7 +663,7 @@ main(int argc, char *argv[])
 {
 int rc, c, st, proc, rsync, http, rrdp, ok, hangup = 0;
 int fl = SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK;
- size_t i, id, talsz = 0;
+ size_t i, id;
 pid_t pid, procpid, rsyncpid, httppid, rrdppid;
 int fd[2];
 struct pollfd pfd[NPFD];
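Review bot: The comment directly above tal_load_default still reads `* Don't exceded "max" filenames.` although the `max` parameter is dropped by the hunk `@@ -609,7 +600,7 @@` and the limit is now `TALSZ_MAX`; "exceded" is also a typo. Suggest `* Don't exceed TALSZ_MAX filenames.`, and since the function presumably now fills the global `tals[]` instead of a caller-supplied array (the storing line is outside the hunk), a sentence saying so in the same comment. The opening lines of that comment block are outside the hunk.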
@@ -682,7 +673,7 @@ main(int argc, char *argv[])
 char *rsync_prog = "openrsync";
 char *bind_addr = NULL;
 const char *cachedir = NULL, *outputdir = NULL;
- const char *tals[TALSZ_MAX], *errs, *name;
+ const char *errs, *name;
 const char *file = NULL;
 struct vrp_tree vrps = RB_INITIALIZER(&vrps);
 struct brk_tree brks = RB_INITIALIZER(&brks);
@@ -799,7 +790,7 @@ main(int argc, char *argv[])
 outputformats = FORMAT_OPENBGPD;
 if (talsz == 0)
- talsz = tal_load_default(tals, TALSZ_MAX);
+ talsz = tal_load_default();
 if (talsz == 0)
 err(1, "no TAL files found in %s", "/etc/rpki");
@@ -999,7 +990,7 @@ main(int argc, char *argv[])
 */
 for (i = 0; i < talsz; i++)
- queue_add_tal(tals[i]);
+ queue_add_tal(tals[i], i);
 /* change working directory to the cache directory */
 if (fchdir(cachefd) == -1)
@@ -1170,7 +1161,6 @@ main(int argc, char *argv[])
 if (outputfiles(&vrps, &brks, &stats))
 rc = 1;
-
 logx("Processing time %lld seconds "
 "(%lld seconds user, %lld seconds system)",
 (long long)stats.elapsed_time.tv_sec,
@@ -1181,7 +1171,8 @@ main(int argc, char *argv[])
 logx("BGPsec Router Certificates: %zu", stats.brks);
 logx("Certificates: %zu (%zu invalid)",
 stats.certs, stats.certs_fail);
- logx("Trust Anchor Locators: %zu", stats.tals);
+ logx("Trust Anchor Locators: %zu (%zu invalid)",
+ stats.tals, talsz - stats.tals);
 logx("Manifests: %zu (%zu failed parse, %zu stale)",
 stats.mfts, stats.mfts_fail, stats.mfts_stale);
 logx("Certificate revocation lists: %zu", stats.crls);
diff --git a/usr.sbin/rpki-client/output-csv.c b/usr.sbin/rpki-client/output-csv.c
index e8c23217f97..80cc0e78901 100644
--- a/usr.sbin/rpki-client/output-csv.c
+++ b/usr.sbin/rpki-client/output-csv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: output-csv.c,v 1.11 2021/10/11 16:50:03 job Exp $ */
+/* $OpenBSD: output-csv.c,v 1.12 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
 *
@@ -34,7 +34,8 @@ output_csv(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
 ip_addr_print(&v->addr, v->afi, buf, sizeof(buf));
 if (fprintf(out, "AS%u,%s,%u,%s,%lld\n", v->asid, buf,
- v->maxlength, v->tal, (long long)v->expires) < 0)
+ v->maxlength, taldescs[v->talid],
+ (long long)v->expires) < 0)
 return -1;
 }
 return 0;
diff --git a/usr.sbin/rpki-client/output-json.c b/usr.sbin/rpki-client/output-json.c
index d390179112f..116a35d88ad 100644
--- a/usr.sbin/rpki-client/output-json.c
+++ b/usr.sbin/rpki-client/output-json.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: output-json.c,v 1.21 2021/11/01 17:00:34 claudio Exp $ */
+/* $OpenBSD: output-json.c,v 1.22 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
 *
@@ -28,6 +28,7 @@ outputheader_json(FILE *out, struct stats *st)
 char hn[NI_MAXHOST], tbuf[26];
 struct tm *tp;
 time_t t;
+ size_t i;
 time(&t);
 setenv("TZ", "UTC", 1);
@@ -50,7 +51,24 @@ outputheader_json(FILE *out, struct stats *st)
 "\t\t\"certificates\": %zu,\n"
 "\t\t\"invalidcertificates\": %zu,\n"
 "\t\t\"tals\": %zu,\n"
- "\t\t\"talfiles\": \"%s\",\n"
+ "\t\t\"invalidtals\": %zu,\n"
+ "\t\t\"talfiles\": [\n",
+ hn, tbuf, (long long)st->elapsed_time.tv_sec,
+ (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+ st->roas, st->roas_fail, st->roas_invalid,
+ st->brks, st->certs, st->certs_fail,
+ st->tals, talsz - st->tals) < 0)
+ return -1;
+
+ for (i = 0; i < talsz; i++) {
+ if (fprintf(out,
+ "\t\t\t\"%s\"%s\n",
+ tals[i], i == talsz - 1 ? "" : ",") < 0)
+ return -1;
+ }
+
+ if (fprintf(out,
+ "\t\t],\n"
 "\t\t\"manifests\": %zu,\n"
 "\t\t\"failedmanifests\": %zu,\n"
 "\t\t\"stalemanifests\": %zu,\n"
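Review bot: In the new `talfiles` loop of outputheader_json, `tals[i]` is written between double quotes via `%s` without JSON escaping, so a TAL path containing `"` or `\` produces malformed output for whatever consumes the file. The previous single `talfiles` string had the same gap; now that the paths are emitted one per array element, this loop is the natural place to fix it, by passing each path through a small JSON-escaping helper before the `fprintf` (no such helper is visible in this file, so it would have to be added). The paths are operator-supplied (command line or the /etc/rpki directory scanned by tal_load_default), so this is a robustness issue for JSON consumers rather than an injection risk. The function's opening line is outside the hunk.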
@@ -62,11 +80,6 @@ outputheader_json(FILE *out, struct stats *st)
 "\t\t\"cachedir_del_files\": %zu,\n"
 "\t\t\"cachedir_del_dirs\": %zu\n"
 "\t},\n\n",
- hn, tbuf, (long long)st->elapsed_time.tv_sec,
- (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
- st->roas, st->roas_fail, st->roas_invalid,
- st->brks, st->certs, st->certs_fail,
- st->tals, st->talnames,
 st->mfts, st->mfts_fail, st->mfts_stale,
 st->crls,
 st->gbrs,
@@ -103,7 +116,8 @@ output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
 if (fprintf(out, "\t\t{ \"asn\": %u, \"prefix\": \"%s\", "
 "\"maxLength\": %u, \"ta\": \"%s\", \"expires\": %lld }",
- v->asid, buf, v->maxlength, v->tal, (long long)v->expires)
+ v->asid, buf, v->maxlength, taldescs[v->talid],
+ (long long)v->expires)
 < 0)
 return -1;
 }
@@ -121,7 +135,7 @@ output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
 if (fprintf(out, "\t\t{ \"asn\": %u, \"ski\": \"%s\", "
 "\"pubkey\": \"%s\", \"ta\": \"%s\", \"expires\": %lld }",
- b->asid, b->ski, b->pubkey, b->tal,
+ b->asid, b->ski, b->pubkey, taldescs[b->talid],
 (long long)b->expires) < 0)
 return -1;
 }
diff --git a/usr.sbin/rpki-client/output.c b/usr.sbin/rpki-client/output.c
index 7578e04d50d..c455ebec437 100644
--- a/usr.sbin/rpki-client/output.c
+++ b/usr.sbin/rpki-client/output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: output.c,v 1.23 2021/11/01 17:00:34 claudio Exp $ */
+/* $OpenBSD: output.c,v 1.24 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Theo de Raadt <deraadt@openbsd.org>
 *
@@ -201,6 +201,7 @@ outputheader(FILE *out, struct stats *st)
 char hn[NI_MAXHOST], tbuf[80];
 struct tm *tp;
 time_t t;
+ size_t i;
 time(&t);
 setenv("TZ", "UTC", 1);
@@ -211,21 +212,31 @@ outputheader(FILE *out, struct stats *st)
 if (fprintf(out,
 "# Generated on host %s at %s\n"
- "# Processing time %lld seconds (%lld seconds user, %lld seconds system)\n"
+ "# Processing time %lld seconds (%llds user, %llds system)\n"
 "# Route Origin Authorizations: %zu (%zu failed parse, %zu invalid)\n"
 "# BGPsec Router Certificates: %zu\n"
- "# Certificates: %zu (%zu invalid)\n"
- "# Trust Anchor Locators: %zu (%s)\n"
+ "# Certificates: %zu (%zu invalid)\n",
+ hn, tbuf, (long long)st->elapsed_time.tv_sec,
+ (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
+ st->roas, st->roas_fail, st->roas_invalid,
+ st->brks, st->certs, st->certs_fail) < 0)
+ return -1;
+
+ if (fprintf(out,
+ "# Trust Anchor Locators: %zu (%zu invalid) [", st->tals,
+ talsz - st->tals) < 0)
+ return -1;
+ for (i = 0; i < talsz; i++)
+ if (fprintf(out, " %s", tals[i]) < 0)
+ return -1;
+
+ if (fprintf(out,
+ " ]\n"
 "# Manifests: %zu (%zu failed parse, %zu stale)\n"
 "# Certificate revocation lists: %zu\n"
 "# Ghostbuster records: %zu\n"
 "# Repositories: %zu\n"
 "# VRP Entries: %zu (%zu unique)\n",
- hn, tbuf, (long long)st->elapsed_time.tv_sec,
- (long long)st->user_time.tv_sec, (long long)st->system_time.tv_sec,
- st->roas, st->roas_fail, st->roas_invalid,
- st->brks, st->certs, st->certs_fail,
- st->tals, st->talnames,
 st->mfts, st->mfts_fail, st->mfts_stale,
 st->crls,
 st->gbrs,
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index b403434772e..8c0a851181f 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.26 2021/11/03 10:50:18 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.27 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -233,8 +233,7 @@ proc_parser_cert(const struct entity *entp, const unsigned char *der,
 sk_X509_free(chain);
 sk_X509_CRL_free(crls);
- if ((cert->tal = strdup(a->cert->tal)) == NULL)
- err(1, NULL);
+ cert->talid = a->cert->talid;
 /* Validate the cert to get the parent */
 if (!valid_cert(entp->file, &auths, cert)) {
@@ -319,8 +318,7 @@ proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
 goto badcert;
 }
- if ((cert->tal = strdup(entp->descr)) == NULL)
- err(1, NULL);
+ cert->talid = entp->talid;
 /*
 * Add valid roots to the RPKI auth tree.
@@ -521,6 +519,7 @@ parse_entity(struct entityq *q, struct msgbuf *msgq)
 entp->datasz)) == NULL)
 errx(1, "%s: could not parse tal file", entp->file);
+ tal->id = entp->talid;
 tal_buffer(b, tal);
 tal_free(tal);
 break;
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index eefe6a5cb94..488012d5493 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roa.c,v 1.30 2021/10/28 09:02:19 beck Exp $ */
+/* $OpenBSD: roa.c,v 1.31 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -409,7 +409,6 @@ roa_free(struct roa *p)
 free(p->aki);
 free(p->ski);
 free(p->ips);
- free(p->tal);
 free(p);
 }
@@ -422,10 +421,11 @@ roa_buffer(struct ibuf *b, const struct roa *p)
 {
 size_t i;
- io_simple_buffer(b, &p->valid, sizeof(int));
- io_simple_buffer(b, &p->asid, sizeof(uint32_t));
- io_simple_buffer(b, &p->ipsz, sizeof(size_t));
- io_simple_buffer(b, &p->expires, sizeof(time_t));
+ io_simple_buffer(b, &p->valid, sizeof(p->valid));
+ io_simple_buffer(b, &p->asid, sizeof(p->asid));
+ io_simple_buffer(b, &p->talid, sizeof(p->talid));
+ io_simple_buffer(b, &p->ipsz, sizeof(p->ipsz));
+ io_simple_buffer(b, &p->expires, sizeof(p->expires));
 for (i = 0; i < p->ipsz; i++) {
 io_simple_buffer(b, &p->ips[i].afi, sizeof(enum afi));
@@ -438,7 +438,6 @@ roa_buffer(struct ibuf *b, const struct roa *p)
 io_str_buffer(b, p->aia);
 io_str_buffer(b, p->aki);
 io_str_buffer(b, p->ski);
- io_str_buffer(b, p->tal);
 }
 /*
@@ -455,10 +454,11 @@ roa_read(struct ibuf *b)
 if ((p = calloc(1, sizeof(struct roa))) == NULL)
 err(1, NULL);
- io_read_buf(b, &p->valid, sizeof(int));
- io_read_buf(b, &p->asid, sizeof(uint32_t));
- io_read_buf(b, &p->ipsz, sizeof(size_t));
- io_read_buf(b, &p->expires, sizeof(time_t));
+ io_read_buf(b, &p->valid, sizeof(p->valid));
+ io_read_buf(b, &p->asid, sizeof(p->asid));
+ io_read_buf(b, &p->talid, sizeof(p->talid));
+ io_read_buf(b, &p->ipsz, sizeof(p->ipsz));
+ io_read_buf(b, &p->expires, sizeof(p->expires));
 if ((p->ips = calloc(p->ipsz, sizeof(struct roa_ip))) == NULL)
 err(1, NULL);
@@ -474,8 +474,7 @@ roa_read(struct ibuf *b)
 io_read_str(b, &p->aia);
 io_read_str(b, &p->aki);
 io_read_str(b, &p->ski);
- io_read_str(b, &p->tal);
- assert(p->aia && p->aki && p->ski && p->tal);
+ assert(p->aia && p->aki && p->ski);
 return p;
 }
@@ -499,8 +498,7 @@ roa_insert_vrps(struct vrp_tree *tree, struct roa *roa, size_t *vrps,
 v->addr = roa->ips[i].addr;
 v->maxlength = roa->ips[i].maxlength;
 v->asid = roa->asid;
- if ((v->tal = strdup(roa->tal)) == NULL)
- err(1, NULL);
+ v->talid = roa->talid;
 v->expires = roa->expires;
 /*
@@ -512,12 +510,9 @@ roa_insert_vrps(struct vrp_tree *tree, struct roa *roa, size_t *vrps,
 /* already exists */
 if (found->expires < v->expires) {
 /* update found with preferred data */
- found->expires = roa->expires;
- free(found->tal);
- found->tal = v->tal;
- v->tal = NULL;
+ found->talid = v->talid;
+ found->expires = v->expires;
 }
- free(v->tal);
 free(v);
 } else
 (*uniqs)++;
diff --git a/usr.sbin/rpki-client/tal.c b/usr.sbin/rpki-client/tal.c
index c45d96bc94e..1eb5067c122 100644
--- a/usr.sbin/rpki-client/tal.c
+++ b/usr.sbin/rpki-client/tal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tal.c,v 1.33 2021/11/03 18:10:12 tb Exp $ */
+/* $OpenBSD: tal.c,v 1.34 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -215,9 +215,10 @@ tal_buffer(struct ibuf *b, const struct tal *p)
 {
 size_t i;
+ io_simple_buffer(b, &p->id, sizeof(p->id));
 io_buf_buffer(b, p->pkey, p->pkeysz);
 io_str_buffer(b, p->descr);
- io_simple_buffer(b, &p->urisz, sizeof(size_t));
+ io_simple_buffer(b, &p->urisz, sizeof(p->urisz));
 for (i = 0; i < p->urisz; i++)
 io_str_buffer(b, p->uri[i]);
@@ -237,9 +238,10 @@ tal_read(struct ibuf *b)
 if ((p = calloc(1, sizeof(struct tal))) == NULL)
 err(1, NULL);
+ io_read_buf(b, &p->id, sizeof(p->id));
 io_read_buf_alloc(b, (void **)&p->pkey, &p->pkeysz);
 io_read_str(b, &p->descr);
- io_read_buf(b, &p->urisz, sizeof(size_t));
+ io_read_buf(b, &p->urisz, sizeof(p->urisz));
 assert(p->pkeysz > 0);
 assert(p->descr);
 assert(p->urisz > 0);
diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index cf58d249845..6d44b65e5ff 100644
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: validate.c,v 1.21 2021/11/01 09:12:18 claudio Exp $ */
+/* $OpenBSD: validate.c,v 1.22 2021/11/04 11:32:55 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -217,8 +217,7 @@ valid_roa(const char *fn, struct auth_tree *auths, struct roa *roa)
 if (a == NULL)
 return 0;
- if ((roa->tal = strdup(a->cert->tal)) == NULL)
- err(1, NULL);
+ roa->talid = a->cert->talid;
 for (i = 0; i < roa->ipsz; i++) {
 if (valid_ip(a, roa->ips[i].afi, roa->ips[i].min, |