On Sat, Sep 23, 2023 at 12:59:48PM +0200, Theo Buehler wrote: > This is a boring mechanical diff that splits some of the noise out of a > larger diff that Job will send out and explain in detail soon. In itself > it changes nothing. For a given product we will need to know the > originating TA for additional checks in cert_parse_ee_cert(). > > The callers of cert_parse_ee_cert() are *_parse(), except cert_parse() > and crl_parse(), which are special anyway. > > In !filemode the talid is known to the caller of proc_parser_* (since > struct entp contains it). proc_parser_* later recovers this info from > struct auth returned by valid_ski_aki() but that's only possible after > *_parse() was called. > > So pass the full struct entp * to proc_parser_*() instead of only the > entp->mftaki and then pass entp->talid and entp->mftaki where needed. > > In filemode the talid is unknown at the point when *_parse() is called, > so set it to -1 to indicate that. > > There are various other ways of achieving what Job's plan needs. For > example, we could replace X509 ** with struct cert_ip ** in *_parse and > do the check in proc_parser_* instead of cert_parse_ee_cert(). The > resulting complexity is about the same and unless there are strong > concerns or objections I'd like to do it the way below. > > Regress needs a trivial adjustment that I will commit at the same time.
I see nothing that speaks against this. OK claudio@
> Index: aspa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 aspa.c
> --- aspa.c 10 Jul 2023 12:02:37 -0000 1.22
> +++ aspa.c 23 Sep 2023 09:59:32 -0000
> @@ -159,7 +159,8 @@ aspa_parse_econtent(const unsigned char
> * Returns the payload or NULL if the file was malformed.
> */
> struct aspa *
> -aspa_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +aspa_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> + size_t len)
> {
> struct parse p;
> size_t cmsz;
> Index: extern.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
> retrieving revision 1.189
> diff -u -p -r1.189 extern.h
> --- extern.h 12 Sep 2023 09:33:30 -0000 1.189
> +++ extern.h 23 Sep 2023 09:59:32 -0000
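Review bot: The new `talid` argument of `aspa_parse()` is not described by the header comment above `struct aspa *`, which still only states what the function returns, and nothing in the hunk says what the value means or that `-1` is legal. Since the cover letter says filemode passes `-1` because the TAL is unknown there, that contract belongs next to the signature so the follow-up check in `cert_parse_ee_cert()` is written against a documented sentinel rather than an implicit one. I would add ` * talid is the index of the TAL this object is expected to chain to,` / ` * or -1 if it is unknown (filemode).` to the comment block, and the same two lines fit the other *_parse() functions touched by this diff. In this hunk the parameter is accepted but not yet used, which matches the stated intent of a purely mechanical change.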
> @@ -624,33 +624,33 @@ void cert_insert_brks(struct brk_tree
> enum rtype rtype_from_file_extension(const char *);
> void mft_buffer(struct ibuf *, const struct mft *);
> void mft_free(struct mft *);
> -struct mft *mft_parse(X509 **, const char *, const unsigned char *,
> +struct mft *mft_parse(X509 **, const char *, int, const unsigned char *,
> size_t);
> struct mft *mft_read(struct ibuf *);
> int mft_compare(const struct mft *, const struct mft *);
>
> void roa_buffer(struct ibuf *, const struct roa *);
> void roa_free(struct roa *);
> -struct roa *roa_parse(X509 **, const char *, const unsigned char *,
> +struct roa *roa_parse(X509 **, const char *, int, const unsigned char *,
> size_t);
> struct roa *roa_read(struct ibuf *);
> void roa_insert_vrps(struct vrp_tree *, struct roa *,
> struct repo *);
>
> void gbr_free(struct gbr *);
> -struct gbr *gbr_parse(X509 **, const char *, const unsigned char *,
> +struct gbr *gbr_parse(X509 **, const char *, int, const unsigned char *,
> size_t);
>
> void geofeed_free(struct geofeed *);
> -struct geofeed *geofeed_parse(X509 **, const char *, char *, size_t);
> +struct geofeed *geofeed_parse(X509 **, const char *, int, char *,
> size_t);
>
> void rsc_free(struct rsc *);
> -struct rsc *rsc_parse(X509 **, const char *, const unsigned char *,
> +struct rsc *rsc_parse(X509 **, const char *, int, const unsigned char *,
> size_t);
>
> void takey_free(struct takey *);
> void tak_free(struct tak *);
> -struct tak *tak_parse(X509 **, const char *, const unsigned char *,
> +struct tak *tak_parse(X509 **, const char *, int, const unsigned char *,
> size_t);
> struct tak *tak_read(struct ibuf *);
>
> @@ -658,7 +658,7 @@ void aspa_buffer(struct ibuf *, const
> void aspa_free(struct aspa *);
> void aspa_insert_vaps(struct vap_tree *, struct aspa *,
> struct repo *);
> -struct aspa *aspa_parse(X509 **, const char *, const unsigned char *,
> +struct aspa *aspa_parse(X509 **, const char *, int, const unsigned char *,
> size_t);
> struct aspa *aspa_read(struct ibuf *);
>
> Index: filemode.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 filemode.c
> --- filemode.c 29 Jun 2023 10:28:25 -0000 1.34
> +++ filemode.c 23 Sep 2023 09:59:32 -0000
> @@ -346,7 +346,7 @@ proc_parser_file(char *file, unsigned ch
>
> switch (type) {
> case RTYPE_ASPA:
> - aspa = aspa_parse(&x509, file, buf, len);
> + aspa = aspa_parse(&x509, file, -1, buf, len);
> if (aspa == NULL)
> break;
> aia = aspa->aia;
> @@ -378,7 +378,7 @@ proc_parser_file(char *file, unsigned ch
> crl_print(crl);
> break;
> case RTYPE_MFT:
> - mft = mft_parse(&x509, file, buf, len);
> + mft = mft_parse(&x509, file, -1, buf, len);
> if (mft == NULL)
> break;
> aia = mft->aia;
> @@ -387,7 +387,7 @@ proc_parser_file(char *file, unsigned ch
> notafter = &mft->nextupdate;
> break;
> case RTYPE_GBR:
> - gbr = gbr_parse(&x509, file, buf, len);
> + gbr = gbr_parse(&x509, file, -1, buf, len);
> if (gbr == NULL)
> break;
> aia = gbr->aia;
> @@ -396,7 +396,7 @@ proc_parser_file(char *file, unsigned ch
> notafter = &gbr->notafter;
> break;
> case RTYPE_GEOFEED:
> - geofeed = geofeed_parse(&x509, file, buf, len);
> + geofeed = geofeed_parse(&x509, file, -1, buf, len);
> if (geofeed == NULL)
> break;
> aia = geofeed->aia;
> @@ -405,7 +405,7 @@ proc_parser_file(char *file, unsigned ch
> notafter = &geofeed->notafter;
> break;
> case RTYPE_ROA:
> - roa = roa_parse(&x509, file, buf, len);
> + roa = roa_parse(&x509, file, -1, buf, len);
> if (roa == NULL)
> break;
> aia = roa->aia;
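Review bot: The bare `-1` handed to `aspa_parse()`, `mft_parse()`, `gbr_parse()`, `geofeed_parse()` and `roa_parse()` in `proc_parser_file()` is an undocumented sentinel repeated at every call site, so a reader of filemode.c cannot tell from these hunks whether the TA-specific check planned for `cert_parse_ee_cert()` will be skipped or will misbehave for objects inspected in filemode. A single comment ahead of `switch (type)` would settle that, e.g. `/* No TAL context in filemode: talid -1 tells *_parse() the originating TA is unknown. */`; if the sentinel is going to be tested in more than one place in the follow-up, a named constant in extern.h would be safer than scattered literals. `proc_parser_file()` starts before the first hunk and its body continues past the last one.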
> @@ -414,7 +414,7 @@ proc_parser_file(char *file, unsigned ch
> notafter = &roa->notafter;
> break;
> case RTYPE_RSC:
> - rsc = rsc_parse(&x509, file, buf, len);
> + rsc = rsc_parse(&x509, file, -1, buf, len);
> if (rsc == NULL)
> break;
> aia = rsc->aia;
> @@ -423,7 +423,7 @@ proc_parser_file(char *file, unsigned ch
> notafter = &rsc->notafter;
> break;
> case RTYPE_TAK:
> - tak = tak_parse(&x509, file, buf, len);
> + tak = tak_parse(&x509, file, -1, buf, len);
> if (tak == NULL)
> break;
> aia = tak->aia;
> Index: gbr.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/gbr.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 gbr.c
> --- gbr.c 20 Jun 2023 12:39:50 -0000 1.27
> +++ gbr.c 23 Sep 2023 09:59:32 -0000
> @@ -40,7 +40,8 @@ extern ASN1_OBJECT *gbr_oid;
> * Returns the payload or NULL if the document was malformed.
> */
> struct gbr *
> -gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +gbr_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> + size_t len)
> {
> struct parse p;
> struct cert *cert = NULL;
> Index: geofeed.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/geofeed.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 geofeed.c
> --- geofeed.c 10 Mar 2023 12:44:56 -0000 1.13
> +++ geofeed.c 23 Sep 2023 09:59:32 -0000
> @@ -100,7 +100,7 @@ geofeed_parse_geoip(struct geofeed *res,
> * Returns the Geofeed, or NULL if the object was malformed.
> */
> struct geofeed *
> -geofeed_parse(X509 **x509, const char *fn, char *buf, size_t len)
> +geofeed_parse(X509 **x509, const char *fn, int talid, char *buf, size_t len)
> {
> struct parse p;
> char *delim, *line, *loc, *nl;
> Index: mft.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
> retrieving revision 1.97
> diff -u -p -r1.97 mft.c
> --- mft.c 3 Sep 2023 10:48:50 -0000 1.97
> +++ mft.c 23 Sep 2023 09:59:32 -0000
> @@ -358,7 +358,8 @@ mft_parse_econtent(const unsigned char *
> * The MFT content is otherwise returned.
> */
> struct mft *
> -mft_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +mft_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> + size_t len)
> {
> struct parse p;
> struct cert *cert = NULL;
> Index: parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 parser.c
> --- parser.c 30 Aug 2023 10:01:52 -0000 1.98
> +++ parser.c 23 Sep 2023 09:59:32 -0000
> @@ -126,7 +126,7 @@ parse_filepath(unsigned int repoid, cons
> */
> static struct roa *
> proc_parser_roa(char *file, const unsigned char *der, size_t len,
> - const char *mftaki)
> + const struct entity *entp)
> {
> struct roa *roa;
> struct auth *a;
> @@ -134,10 +134,10 @@ proc_parser_roa(char *file, const unsign
> X509 *x509;
> const char *errstr;
>
> - if ((roa = roa_parse(&x509, file, entp->talid, der, len)) == NULL)
> return NULL;
>
> - a = valid_ski_aki(file, &auths, roa->ski, roa->aki, mftaki);
> + a = valid_ski_aki(file, &auths, roa->ski, roa->aki, entp->mftaki);
> crl = crl_get(&crlt, a);
>
> if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
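Review bot: `entp->talid` is handed to `roa_parse()` on the first changed line of the second parser.c hunk, before `valid_ski_aki()` has resolved the issuer, so the TA-specific check the cover letter plans for `cert_parse_ee_cert()` will be evaluated against the TAL the entity was queued under, not against the chain that actually validates the ROA. Those normally agree, but the cover letter itself notes that the TAL is also recoverable from the `struct auth` returned by `valid_ski_aki()`; a cheap consistency check right after `a = valid_ski_aki(...)` that compares the TAL id recorded in `a` with `entp->talid` and treats a mismatch as a validation failure would keep the pre-validation value from silently diverging from the validated chain. The same applies to `proc_parser_gbr()`, `proc_parser_aspa()` and `proc_parser_tak()`, which follow the identical pattern. `proc_parser_roa()` continues past the end of this hunk.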
> @@ -276,7 +276,7 @@ proc_parser_mft_pre(struct entity *entp,
> if (der == NULL && errno != ENOENT)
> warn("parse file %s", *file);
>
> - if ((mft = mft_parse(&x509, *file, der, len)) == NULL) {
> + if ((mft = mft_parse(&x509, *file, entp->talid, der, len)) == NULL) {
> free(der);
> return NULL;
> }
> @@ -493,7 +493,7 @@ proc_parser_root_cert(char *file, const
> */
> static struct gbr *
> proc_parser_gbr(char *file, const unsigned char *der, size_t len,
> - const char *mftaki)
> + const struct entity *entp)
> {
> struct gbr *gbr;
> X509 *x509;
> @@ -501,10 +501,10 @@ proc_parser_gbr(char *file, const unsign
> struct auth *a;
> const char *errstr;
>
> - if ((gbr = gbr_parse(&x509, file, der, len)) == NULL)
> + if ((gbr = gbr_parse(&x509, file, entp->talid, der, len)) == NULL)
> return NULL;
>
> - a = valid_ski_aki(file, &auths, gbr->ski, gbr->aki, mftaki);
> + a = valid_ski_aki(file, &auths, gbr->ski, gbr->aki, entp->mftaki);
> crl = crl_get(&crlt, a);
>
> /* return value can be ignored since nothing happens here */
> @@ -526,7 +526,7 @@ proc_parser_gbr(char *file, const unsign
> */
> static struct aspa *
> proc_parser_aspa(char *file, const unsigned char *der, size_t len,
> - const char *mftaki)
> + const struct entity *entp)
> {
> struct aspa *aspa;
> struct auth *a;
> @@ -534,10 +534,10 @@ proc_parser_aspa(char *file, const unsig
> X509 *x509;
> const char *errstr;
>
> - if ((aspa = aspa_parse(&x509, file, der, len)) == NULL)
> + if ((aspa = aspa_parse(&x509, file, entp->talid, der, len)) == NULL)
> return NULL;
>
> - a = valid_ski_aki(file, &auths, aspa->ski, aspa->aki, mftaki);
> + a = valid_ski_aki(file, &auths, aspa->ski, aspa->aki, entp->mftaki);
> crl = crl_get(&crlt, a);
>
> if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
> @@ -560,7 +560,7 @@ proc_parser_aspa(char *file, const unsig
> */
> static struct tak *
> proc_parser_tak(char *file, const unsigned char *der, size_t len,
> - const char *mftaki)
> + const struct entity *entp)
> {
> struct tak *tak;
> X509 *x509;
> @@ -569,10 +569,10 @@ proc_parser_tak(char *file, const unsign
> const char *errstr;
> int rc = 0;
>
> - if ((tak = tak_parse(&x509, file, der, len)) == NULL)
> + if ((tak = tak_parse(&x509, file, entp->talid, der, len)) == NULL)
> return NULL;
>
> - a = valid_ski_aki(file, &auths, tak->ski, tak->aki, mftaki);
> + a = valid_ski_aki(file, &auths, tak->ski, tak->aki, entp->mftaki);
> crl = crl_get(&crlt, a);
>
> if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
> @@ -729,7 +729,7 @@ parse_entity(struct entityq *q, struct m
> case RTYPE_ROA:
> file = parse_load_file(entp, &f, &flen);
> io_str_buffer(b, file);
> - roa = proc_parser_roa(file, f, flen, entp->mftaki);
> + roa = proc_parser_roa(file, f, flen, entp);
> if (roa != NULL)
> mtime = roa->signtime;
> io_simple_buffer(b, &mtime, sizeof(mtime));
> @@ -742,7 +742,7 @@ parse_entity(struct entityq *q, struct m
> case RTYPE_GBR:
> file = parse_load_file(entp, &f, &flen);
> io_str_buffer(b, file);
> - gbr = proc_parser_gbr(file, f, flen, entp->mftaki);
> + gbr = proc_parser_gbr(file, f, flen, entp);
> if (gbr != NULL)
> mtime = gbr->signtime;
> io_simple_buffer(b, &mtime, sizeof(mtime));
> @@ -751,7 +751,7 @@ parse_entity(struct entityq *q, struct m
> case RTYPE_ASPA:
> file = parse_load_file(entp, &f, &flen);
> io_str_buffer(b, file);
> - aspa = proc_parser_aspa(file, f, flen, entp->mftaki);
> + aspa = proc_parser_aspa(file, f, flen, entp);
> if (aspa != NULL)
> mtime = aspa->signtime;
> io_simple_buffer(b, &mtime, sizeof(mtime));
> @@ -764,7 +764,7 @@ parse_entity(struct entityq *q, struct m
> case RTYPE_TAK:
> file = parse_load_file(entp, &f, &flen);
> io_str_buffer(b, file);
> - tak = proc_parser_tak(file, f, flen, entp->mftaki);
> + tak = proc_parser_tak(file, f, flen, entp);
> if (tak != NULL)
> mtime = tak->signtime;
> io_simple_buffer(b, &mtime, sizeof(mtime));
> Index: roa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
> retrieving revision 1.69
> diff -u -p -r1.69 roa.c
> --- roa.c 29 Jun 2023 10:28:25 -0000 1.69
> +++ roa.c 23 Sep 2023 09:59:32 -0000
> @@ -208,7 +208,8 @@ roa_parse_econtent(const unsigned char *
> * Returns the ROA or NULL if the document was malformed.
> */
> struct roa *
> -roa_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +roa_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> + size_t len)
> {
> struct parse p;
> size_t cmsz;
> Index: rsc.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 rsc.c
> --- rsc.c 29 Jun 2023 10:28:25 -0000 1.27
> +++ rsc.c 23 Sep 2023 09:59:32 -0000
> @@ -371,7 +371,8 @@ rsc_parse_econtent(const unsigned char *
> * Returns the RSC or NULL if the object was malformed.
> */
> struct rsc *
> -rsc_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +rsc_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> + size_t len)
> {
> struct parse p;
> unsigned char *cms;
> Index: tak.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/tak.c,v
> retrieving revision 1.11
> diff -u -p -r1.11 tak.c
> --- tak.c 29 Jun 2023 10:28:25 -0000 1.11
> +++ tak.c 23 Sep 2023 09:59:32 -0000
> @@ -225,7 +225,8 @@ tak_parse_econtent(const unsigned char *
> * Returns the TAK or NULL if the object was malformed.
> */
> struct tak *
> -tak_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +tak_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> + size_t len)
> {
> struct parse p;
> struct cert *cert = NULL;
> -- :wq Claudio