Replace a super strange way to translate some binary blob into a hex string.
The code drops the : from the string but this is fine, the : is just
visual fluff. I used the same function in the not yet finished RRDP
codebase and there I don't want the extra ':'.
Works for me.
--
:wq Claudio
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.58
diff -u -p -r1.58 extern.h
--- extern.h 29 Mar 2021 06:50:44 -0000 1.58
+++ extern.h 29 Mar 2021 08:09:34 -0000
@@ -458,6 +458,7 @@ int output_json(FILE *, struct vrp_tre
void logx(const char *fmt, ...)
__attribute__((format(printf, 1, 2)));
+char *bin_to_hex(const unsigned char *, size_t);
int mkpath(const char *);
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.126
diff -u -p -r1.126 main.c
--- main.c 29 Mar 2021 03:45:35 -0000 1.126
+++ main.c 29 Mar 2021 08:09:23 -0000
@@ -830,6 +830,25 @@ repo_cleanup(void)
return delsz;
}
+char *
+bin_to_hex(const unsigned char *in, size_t insz)
+{
+ const char hex[] = "0123456789abcdef";
+ size_t i;
+ char *out;
+
+ if ((out = calloc(2, insz + 1)) == NULL)
+ err(1, NULL);
+
+ for (i = 0; i < insz; i++) {
+ out[i * 2] = hex[in[i] >> 4];
+ out[i * 2 + 1] = hex[in[i] & 0xf];
+ }
+ out[i * 2] = '\0';
+
+ return out;
+}
+
void
suicide(int sig __attribute__((unused)))
{
Index: x509.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/x509.c,v
retrieving revision 1.19
diff -u -p -r1.19 x509.c
--- x509.c 29 Mar 2021 06:50:44 -0000 1.19
+++ x509.c 29 Mar 2021 08:28:59 -0000
@@ -32,7 +32,7 @@
/*
* Parse X509v3 authority key identifier (AKI), RFC 6487 sec. 4.8.3.
* Returns the AKI or NULL if it could not be parsed.
- * The AKI is formatted as aa:bb:cc:dd, with each being a hex value.
+ * The AKI is formatted as a hex string.
*/
char *
x509_get_aki(X509 *x, int ta, const char *fn)
@@ -40,8 +40,7 @@ x509_get_aki(X509 *x, int ta, const char
const unsigned char *d;
AUTHORITY_KEYID *akid;
ASN1_OCTET_STRING *os;
- int i, dsz, crit;
- char buf[4];
+ int dsz, crit;
char *res = NULL;
akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &crit, NULL);
@@ -80,16 +79,7 @@ x509_get_aki(X509 *x, int ta, const char
goto out;
}
- /* Make room for [hex1, hex2, ":"]*, NUL. */
-
- if ((res = calloc(dsz * 3 + 1, 1)) == NULL)
- err(1, NULL);
-
- for (i = 0; i < dsz; i++) {
- snprintf(buf, sizeof(buf), "%02X:", d[i]);
- strlcat(res, buf, dsz * 3 + 1);
- }
- res[dsz * 3 - 1] = '\0';
+ res = bin_to_hex(d, dsz);
out:
AUTHORITY_KEYID_free(akid);
return res;
@@ -98,15 +88,14 @@ out:
/*
* Parse X509v3 subject key identifier (SKI), RFC 6487 sec. 4.8.2.
* Returns the SKI or NULL if it could not be parsed.
- * The SKI is formatted as aa:bb:cc:dd, with each being a hex value.
+ * The SKI is formatted as a hex string.
*/
char *
x509_get_ski(X509 *x, const char *fn)
{
const unsigned char *d;
ASN1_OCTET_STRING *os;
- int i, dsz, crit;
- char buf[4];
+ int dsz, crit;
char *res = NULL;
os = X509_get_ext_d2i(x, NID_subject_key_identifier, &crit, NULL);
@@ -130,16 +119,7 @@ x509_get_ski(X509 *x, const char *fn)
goto out;
}
- /* Make room for [hex1, hex2, ":"]*, NUL. */
-
- if ((res = calloc(dsz * 3 + 1, 1)) == NULL)
- err(1, NULL);
-
- for (i = 0; i < dsz; i++) {
- snprintf(buf, sizeof(buf), "%02X:", d[i]);
- strlcat(res, buf, dsz * 3 + 1);
- }
- res[dsz * 3 - 1] = '\0';
+ res = bin_to_hex(d, dsz);
out:
ASN1_OCTET_STRING_free(os);
return res;
@@ -270,14 +250,19 @@ out:
return crl;
}
+/*
+ * Parse X509v3 authority key identifier (AKI) from the CRL.
+ * This is matched against the string from x509_get_ski() above.
+ * Returns the AKI or NULL if it could not be parsed.
+ * The AKI is formatted as a hex string.
+ */
char *
x509_crl_get_aki(X509_CRL *crl, const char *fn)
{
const unsigned char *d;
AUTHORITY_KEYID *akid;
ASN1_OCTET_STRING *os;
- int i, dsz, crit;
- char buf[4];
+ int dsz, crit;
char *res = NULL;
akid = X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &crit,
@@ -315,16 +300,7 @@ x509_crl_get_aki(X509_CRL *crl, const ch
goto out;
}
- /* Make room for [hex1, hex2, ":"]*, NUL. */
-
- if ((res = calloc(dsz * 3 + 1, 1)) == NULL)
- err(1, NULL);
-
- for (i = 0; i < dsz; i++) {
- snprintf(buf, sizeof(buf), "%02X:", d[i]);
- strlcat(res, buf, dsz * 3 + 1);
- }
- res[dsz * 3 - 1] = '\0';
+ res = bin_to_hex(d, dsz);
out:
AUTHORITY_KEYID_free(akid);
return res;
