On Sat, Sep 23, 2023 at 12:59:48PM +0200, Theo Buehler wrote:
> This is a boring mechanical diff that splits some of the noise out of a
> larger diff that Job will send out and explain in detail soon. In itself
> it changes nothing. For a given product we will need to know the
> originating TA for additional checks in cert_parse_ee_cert().
> 
> The callers of cert_parse_ee_cert() are *_parse(), except cert_parse()
> and crl_parse(), which are special anyway.
> 
> In !filemode the talid is known to the caller of proc_parser_* (since
> struct entp contains it). proc_parser_* later recovers this info from
> struct auth returned by valid_ski_aki() but that's only possible after
> *_parse() was called.
> 
> So pass the full struct entp * to proc_parser_*() instead of only the
> entp->mftaki and then pass entp->talid and entp->mftaki where needed.
> 
> In filemode the talid is unknown at the point when *_parse() is called,
> so set it to -1 to indicate that.
> 
> There are various other ways of achieving what Job's plan needs. For
> example, we could replace X509 ** with struct cert_ip ** in *_parse and
> do the check in proc_parser_* instead of cert_parse_ee_cert(). The
> resulting complexity is about the same and unless there are strong
> concerns or objections I'd like to do it the way below.
> 
> Regress needs a trivial adjustment that I will commit at the same time.

I see nothing that speaks against this. OK claudio@
 
> Index: aspa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 aspa.c
> --- aspa.c    10 Jul 2023 12:02:37 -0000      1.22
> +++ aspa.c    23 Sep 2023 09:59:32 -0000
> @@ -159,7 +159,8 @@ aspa_parse_econtent(const unsigned char 
>   * Returns the payload or NULL if the file was malformed.
>   */
>  struct aspa *
> -aspa_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +aspa_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> +    size_t len)
>  {
>       struct parse     p;
>       size_t           cmsz;
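Review bot: The new `talid` parameter is not described in the header comment that ends just above the signature, and the hunk stops before the body, so whether aspa_parse already reads it cannot be seen here; the cover mail suggests it is currently unused and exists only for a later check in cert_parse_ee_cert(). Document the contract where the parameter is introduced, e.g. extend the header comment with `* talid identifies the originating TA, or is -1 when unknown (filemode).` The same applies to the gbr.c, geofeed.c, mft.c, roa.c, rsc.c and tak.c hunks, which add the identical parameter. Until the parameter is consumed, builds with -Wunused-parameter will presumably warn on each of these functions, which may be acceptable for an interim diff but is worth noting.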
> Index: extern.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
> retrieving revision 1.189
> diff -u -p -r1.189 extern.h
> --- extern.h  12 Sep 2023 09:33:30 -0000      1.189
> +++ extern.h  23 Sep 2023 09:59:32 -0000
> @@ -624,33 +624,33 @@ void             cert_insert_brks(struct brk_tree 
>  enum rtype    rtype_from_file_extension(const char *);
>  void          mft_buffer(struct ibuf *, const struct mft *);
>  void          mft_free(struct mft *);
> -struct mft   *mft_parse(X509 **, const char *, const unsigned char *,
> +struct mft   *mft_parse(X509 **, const char *, int, const unsigned char *,
>                   size_t);
>  struct mft   *mft_read(struct ibuf *);
>  int           mft_compare(const struct mft *, const struct mft *);
>  
>  void          roa_buffer(struct ibuf *, const struct roa *);
>  void          roa_free(struct roa *);
> -struct roa   *roa_parse(X509 **, const char *, const unsigned char *,
> +struct roa   *roa_parse(X509 **, const char *, int, const unsigned char *,
>                   size_t);
>  struct roa   *roa_read(struct ibuf *);
>  void          roa_insert_vrps(struct vrp_tree *, struct roa *,
>                   struct repo *);
>  
>  void          gbr_free(struct gbr *);
> -struct gbr   *gbr_parse(X509 **, const char *, const unsigned char *,
> +struct gbr   *gbr_parse(X509 **, const char *, int, const unsigned char *,
>                   size_t);
>  
>  void          geofeed_free(struct geofeed *);
> -struct geofeed       *geofeed_parse(X509 **, const char *, char *, size_t);
> +struct geofeed       *geofeed_parse(X509 **, const char *, int, char *, 
> size_t);
>  
>  void          rsc_free(struct rsc *);
> -struct rsc   *rsc_parse(X509 **, const char *, const unsigned char *,
> +struct rsc   *rsc_parse(X509 **, const char *, int, const unsigned char *,
>                   size_t);
>  
>  void          takey_free(struct takey *);
>  void          tak_free(struct tak *);
> -struct tak   *tak_parse(X509 **, const char *, const unsigned char *,
> +struct tak   *tak_parse(X509 **, const char *, int, const unsigned char *,
>                   size_t);
>  struct tak   *tak_read(struct ibuf *);
>  
> @@ -658,7 +658,7 @@ void               aspa_buffer(struct ibuf *, const 
>  void          aspa_free(struct aspa *);
>  void          aspa_insert_vaps(struct vap_tree *, struct aspa *,
>                   struct repo *);
> -struct aspa  *aspa_parse(X509 **, const char *, const unsigned char *,
> +struct aspa  *aspa_parse(X509 **, const char *, int, const unsigned char *,
>                   size_t);
>  struct aspa  *aspa_read(struct ibuf *);
>  
> Index: filemode.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 filemode.c
> --- filemode.c        29 Jun 2023 10:28:25 -0000      1.34
> +++ filemode.c        23 Sep 2023 09:59:32 -0000
> @@ -346,7 +346,7 @@ proc_parser_file(char *file, unsigned ch
>  
>       switch (type) {
>       case RTYPE_ASPA:
> -             aspa = aspa_parse(&x509, file, buf, len);
> +             aspa = aspa_parse(&x509, file, -1, buf, len);
>               if (aspa == NULL)
>                       break;
>               aia = aspa->aia;
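Review bot: The `-1` literal now serves as the "talid unknown" sentinel in seven call sites of proc_parser_file (this hunk and the six that follow), with its meaning given only in the cover mail. Since the value is intended to gate additional checks in cert_parse_ee_cert(), that function will need an explicit branch for -1 so that filemode neither silently skips the check nor fails on every object; a comment at the first use, `/* talid is unknown in filemode; consumers must handle -1 explicitly */`, or a named constant next to the *_parse prototypes in extern.h would make that contract visible at the call sites. proc_parser_file starts and ends outside the hunk.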
> @@ -378,7 +378,7 @@ proc_parser_file(char *file, unsigned ch
>               crl_print(crl);
>               break;
>       case RTYPE_MFT:
> -             mft = mft_parse(&x509, file, buf, len);
> +             mft = mft_parse(&x509, file, -1, buf, len);
>               if (mft == NULL)
>                       break;
>               aia = mft->aia;
> @@ -387,7 +387,7 @@ proc_parser_file(char *file, unsigned ch
>               notafter = &mft->nextupdate;
>               break;
>       case RTYPE_GBR:
> -             gbr = gbr_parse(&x509, file, buf, len);
> +             gbr = gbr_parse(&x509, file, -1, buf, len);
>               if (gbr == NULL)
>                       break;
>               aia = gbr->aia;
> @@ -396,7 +396,7 @@ proc_parser_file(char *file, unsigned ch
>               notafter = &gbr->notafter;
>               break;
>       case RTYPE_GEOFEED:
> -             geofeed = geofeed_parse(&x509, file, buf, len);
> +             geofeed = geofeed_parse(&x509, file, -1, buf, len);
>               if (geofeed == NULL)
>                       break;
>               aia = geofeed->aia;
> @@ -405,7 +405,7 @@ proc_parser_file(char *file, unsigned ch
>               notafter = &geofeed->notafter;
>               break;
>       case RTYPE_ROA:
> -             roa = roa_parse(&x509, file, buf, len);
> +             roa = roa_parse(&x509, file, -1, buf, len);
>               if (roa == NULL)
>                       break;
>               aia = roa->aia;
> @@ -414,7 +414,7 @@ proc_parser_file(char *file, unsigned ch
>               notafter = &roa->notafter;
>               break;
>       case RTYPE_RSC:
> -             rsc = rsc_parse(&x509, file, buf, len);
> +             rsc = rsc_parse(&x509, file, -1, buf, len);
>               if (rsc == NULL)
>                       break;
>               aia = rsc->aia;
> @@ -423,7 +423,7 @@ proc_parser_file(char *file, unsigned ch
>               notafter = &rsc->notafter;
>               break;
>       case RTYPE_TAK:
> -             tak = tak_parse(&x509, file, buf, len);
> +             tak = tak_parse(&x509, file, -1, buf, len);
>               if (tak == NULL)
>                       break;
>               aia = tak->aia;
> Index: gbr.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/gbr.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 gbr.c
> --- gbr.c     20 Jun 2023 12:39:50 -0000      1.27
> +++ gbr.c     23 Sep 2023 09:59:32 -0000
> @@ -40,7 +40,8 @@ extern ASN1_OBJECT  *gbr_oid;
>   * Returns the payload or NULL if the document was malformed.
>   */
>  struct gbr *
> -gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +gbr_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> +    size_t len)
>  {
>       struct parse     p;
>       struct cert     *cert = NULL;
> Index: geofeed.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/geofeed.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 geofeed.c
> --- geofeed.c 10 Mar 2023 12:44:56 -0000      1.13
> +++ geofeed.c 23 Sep 2023 09:59:32 -0000
> @@ -100,7 +100,7 @@ geofeed_parse_geoip(struct geofeed *res,
>   * Returns the Geofeed, or NULL if the object was malformed.
>   */
>  struct geofeed *
> -geofeed_parse(X509 **x509, const char *fn, char *buf, size_t len)
> +geofeed_parse(X509 **x509, const char *fn, int talid, char *buf, size_t len)
>  {
>       struct parse     p;
>       char            *delim, *line, *loc, *nl;
> Index: mft.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
> retrieving revision 1.97
> diff -u -p -r1.97 mft.c
> --- mft.c     3 Sep 2023 10:48:50 -0000       1.97
> +++ mft.c     23 Sep 2023 09:59:32 -0000
> @@ -358,7 +358,8 @@ mft_parse_econtent(const unsigned char *
>   * The MFT content is otherwise returned.
>   */
>  struct mft *
> -mft_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +mft_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> +    size_t len)
>  {
>       struct parse     p;
>       struct cert     *cert = NULL;
> Index: parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 parser.c
> --- parser.c  30 Aug 2023 10:01:52 -0000      1.98
> +++ parser.c  23 Sep 2023 09:59:32 -0000
> @@ -126,7 +126,7 @@ parse_filepath(unsigned int repoid, cons
>   */
>  static struct roa *
>  proc_parser_roa(char *file, const unsigned char *der, size_t len,
> -    const char *mftaki)
> +    const struct entity *entp)
>  {
>       struct roa              *roa;
>       struct auth             *a;
> @@ -134,10 +134,10 @@ proc_parser_roa(char *file, const unsign
>       X509                    *x509;
>       const char              *errstr;
>  
> -     if ((roa = roa_parse(&x509, file, der, len)) == NULL)
> +     if ((roa = roa_parse(&x509, file, entp->talid, der, len)) == NULL)
>               return NULL;
>  
> -     a = valid_ski_aki(file, &auths, roa->ski, roa->aki, mftaki);
> +     a = valid_ski_aki(file, &auths, roa->ski, roa->aki, entp->mftaki);
>       crl = crl_get(&crlt, a);
>  
>       if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
> @@ -276,7 +276,7 @@ proc_parser_mft_pre(struct entity *entp,
>       if (der == NULL && errno != ENOENT)
>               warn("parse file %s", *file);
>  
> -     if ((mft = mft_parse(&x509, *file, der, len)) == NULL) {
> +     if ((mft = mft_parse(&x509, *file, entp->talid, der, len)) == NULL) {
>               free(der);
>               return NULL;
>       }
> @@ -493,7 +493,7 @@ proc_parser_root_cert(char *file, const 
>   */
>  static struct gbr *
>  proc_parser_gbr(char *file, const unsigned char *der, size_t len,
> -    const char *mftaki)
> +    const struct entity *entp)
>  {
>       struct gbr      *gbr;
>       X509            *x509;
> @@ -501,10 +501,10 @@ proc_parser_gbr(char *file, const unsign
>       struct auth     *a;
>       const char      *errstr;
>  
> -     if ((gbr = gbr_parse(&x509, file, der, len)) == NULL)
> +     if ((gbr = gbr_parse(&x509, file, entp->talid, der, len)) == NULL)
>               return NULL;
>  
> -     a = valid_ski_aki(file, &auths, gbr->ski, gbr->aki, mftaki);
> +     a = valid_ski_aki(file, &auths, gbr->ski, gbr->aki, entp->mftaki);
>       crl = crl_get(&crlt, a);
>  
>       /* return value can be ignored since nothing happens here */
> @@ -526,7 +526,7 @@ proc_parser_gbr(char *file, const unsign
>   */
>  static struct aspa *
>  proc_parser_aspa(char *file, const unsigned char *der, size_t len,
> -    const char *mftaki)
> +    const struct entity *entp)
>  {
>       struct aspa     *aspa;
>       struct auth     *a;
> @@ -534,10 +534,10 @@ proc_parser_aspa(char *file, const unsig
>       X509            *x509;
>       const char      *errstr;
>  
> -     if ((aspa = aspa_parse(&x509, file, der, len)) == NULL)
> +     if ((aspa = aspa_parse(&x509, file, entp->talid, der, len)) == NULL)
>               return NULL;
>  
> -     a = valid_ski_aki(file, &auths, aspa->ski, aspa->aki, mftaki);
> +     a = valid_ski_aki(file, &auths, aspa->ski, aspa->aki, entp->mftaki);
>       crl = crl_get(&crlt, a);
>  
>       if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
> @@ -560,7 +560,7 @@ proc_parser_aspa(char *file, const unsig
>   */
>  static struct tak *
>  proc_parser_tak(char *file, const unsigned char *der, size_t len,
> -    const char *mftaki)
> +    const struct entity *entp)
>  {
>       struct tak      *tak;
>       X509            *x509;
> @@ -569,10 +569,10 @@ proc_parser_tak(char *file, const unsign
>       const char      *errstr;
>       int              rc = 0;
>  
> -     if ((tak = tak_parse(&x509, file, der, len)) == NULL)
> +     if ((tak = tak_parse(&x509, file, entp->talid, der, len)) == NULL)
>               return NULL;
>  
> -     a = valid_ski_aki(file, &auths, tak->ski, tak->aki, mftaki);
> +     a = valid_ski_aki(file, &auths, tak->ski, tak->aki, entp->mftaki);
>       crl = crl_get(&crlt, a);
>  
>       if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
> @@ -729,7 +729,7 @@ parse_entity(struct entityq *q, struct m
>               case RTYPE_ROA:
>                       file = parse_load_file(entp, &f, &flen);
>                       io_str_buffer(b, file);
> -                     roa = proc_parser_roa(file, f, flen, entp->mftaki);
> +                     roa = proc_parser_roa(file, f, flen, entp);
>                       if (roa != NULL)
>                               mtime = roa->signtime;
>                       io_simple_buffer(b, &mtime, sizeof(mtime));
> @@ -742,7 +742,7 @@ parse_entity(struct entityq *q, struct m
>               case RTYPE_GBR:
>                       file = parse_load_file(entp, &f, &flen);
>                       io_str_buffer(b, file);
> -                     gbr = proc_parser_gbr(file, f, flen, entp->mftaki);
> +                     gbr = proc_parser_gbr(file, f, flen, entp);
>                       if (gbr != NULL)
>                               mtime = gbr->signtime;
>                       io_simple_buffer(b, &mtime, sizeof(mtime));
> @@ -751,7 +751,7 @@ parse_entity(struct entityq *q, struct m
>               case RTYPE_ASPA:
>                       file = parse_load_file(entp, &f, &flen);
>                       io_str_buffer(b, file);
> -                     aspa = proc_parser_aspa(file, f, flen, entp->mftaki);
> +                     aspa = proc_parser_aspa(file, f, flen, entp);
>                       if (aspa != NULL)
>                               mtime = aspa->signtime;
>                       io_simple_buffer(b, &mtime, sizeof(mtime));
> @@ -764,7 +764,7 @@ parse_entity(struct entityq *q, struct m
>               case RTYPE_TAK:
>                       file = parse_load_file(entp, &f, &flen);
>                       io_str_buffer(b, file);
> -                     tak = proc_parser_tak(file, f, flen, entp->mftaki);
> +                     tak = proc_parser_tak(file, f, flen, entp);
>                       if (tak != NULL)
>                               mtime = tak->signtime;
>                       io_simple_buffer(b, &mtime, sizeof(mtime));
> Index: roa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
> retrieving revision 1.69
> diff -u -p -r1.69 roa.c
> --- roa.c     29 Jun 2023 10:28:25 -0000      1.69
> +++ roa.c     23 Sep 2023 09:59:32 -0000
> @@ -208,7 +208,8 @@ roa_parse_econtent(const unsigned char *
>   * Returns the ROA or NULL if the document was malformed.
>   */
>  struct roa *
> -roa_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +roa_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> +    size_t len)
>  {
>       struct parse     p;
>       size_t           cmsz;
> Index: rsc.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 rsc.c
> --- rsc.c     29 Jun 2023 10:28:25 -0000      1.27
> +++ rsc.c     23 Sep 2023 09:59:32 -0000
> @@ -371,7 +371,8 @@ rsc_parse_econtent(const unsigned char *
>   * Returns the RSC or NULL if the object was malformed.
>   */
>  struct rsc *
> -rsc_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +rsc_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> +    size_t len)
>  {
>       struct parse             p;
>       unsigned char           *cms;
> Index: tak.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/tak.c,v
> retrieving revision 1.11
> diff -u -p -r1.11 tak.c
> --- tak.c     29 Jun 2023 10:28:25 -0000      1.11
> +++ tak.c     23 Sep 2023 09:59:32 -0000
> @@ -225,7 +225,8 @@ tak_parse_econtent(const unsigned char *
>   * Returns the TAK or NULL if the object was malformed.
>   */
>  struct tak *
> -tak_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
> +tak_parse(X509 **x509, const char *fn, int talid, const unsigned char *der,
> +    size_t len)
>  {
>       struct parse             p;
>       struct cert             *cert = NULL;
> 

-- 
:wq Claudio
