OpenBSD CVS

CVS log for src/usr.sbin/rpki-client/filemode.c





Default branch: MAIN


Revision 1.45 / (download) - annotate - [select for diffs], Sat Jun 8 13:34:59 2024 UTC (6 hours, 5 minutes ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

Improve the check for is_ta in filemode

Instead of checking for EXFLAG_SS use the more accurate information
we already gathered.

ok job

Revision 1.44 / (download) - annotate - [select for diffs], Sat Jun 8 13:31:38 2024 UTC (6 hours, 8 minutes ago) by tb
Branch: MAIN
Changes since 1.43: +3 -2 lines
Diff to previous 1.43 (colored)

Improve x509_get_purpose()

Instead of only differentiating between CA and BGPsec Router certs,
make it recognize TA and EE certs as well. TAs and CAs have the cA
boolean in the basic constraints, while EE and BGPsec router certs
do not.

TAs are self-signed, CAs not self-issued, all other certs with the
cA boolean are invalid. EE certs do not have an extended key usage
and BGPsec certs contain the id-kp-bgpsec-router OID.

Handle the new purposes where needed.

ok job

Revision 1.43 / (download) - annotate - [select for diffs], Thu Jun 6 07:19:10 2024 UTC (2 days, 12 hours ago) by tb
Branch: MAIN
Changes since 1.42: +7 -2 lines
Diff to previous 1.42 (colored)

rpki-client: fix a crash in filemode

For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expired and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.

with/ok claudio

Revision 1.42 / (download) - annotate - [select for diffs], Mon May 20 15:51:43 2024 UTC (2 weeks, 5 days ago) by claudio
Branch: MAIN
Changes since 1.41: +68 -32 lines
Diff to previous 1.41 (colored)

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

Revision 1.41 / (download) - annotate - [select for diffs], Sun Apr 21 19:27:44 2024 UTC (6 weeks, 6 days ago) by claudio
Branch: MAIN
Changes since 1.40: +1 -3 lines
Diff to previous 1.40 (colored)

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Revision 1.40 / (download) - annotate - [select for diffs], Fri Mar 22 03:38:12 2024 UTC (2 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.39: +7 -7 lines
Diff to previous 1.39 (colored)

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Revision 1.39 / (download) - annotate - [select for diffs], Tue Mar 19 05:04:13 2024 UTC (2 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.38: +5 -5 lines
Diff to previous 1.38 (colored)

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Revision 1.38 / (download) - annotate - [select for diffs], Thu Feb 22 12:49:42 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.37: +16 -1 lines
Diff to previous 1.37 (colored)

Add support for RPKI Signed Prefix Lists

Signed Prefix Lists are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Revision 1.37 / (download) - annotate - [select for diffs], Tue Jan 23 09:32:57 2024 UTC (4 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Revision 1.36 / (download) - annotate - [select for diffs], Fri Oct 13 12:06:49 2023 UTC (7 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.35: +13 -1 lines
Diff to previous 1.35 (colored)

Allow imposing constraints on RPKI trust anchors

The ability to constrain an RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Revision 1.35 / (download) - annotate - [select for diffs], Mon Sep 25 11:08:45 2023 UTC (8 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.34: +8 -8 lines
Diff to previous 1.34 (colored)

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Revision 1.34 / (download) - annotate - [select for diffs], Thu Jun 29 10:28:25 2023 UTC (11 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Revision 1.33 / (download) - annotate - [select for diffs], Tue May 30 16:02:28 2023 UTC (12 months, 1 week ago) by job
Branch: MAIN
Changes since 1.32: +3 -1 lines
Diff to previous 1.32 (colored)

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
of files which have to be transferred.

OK claudio@

Revision 1.32 / (download) - annotate - [select for diffs], Tue May 30 12:02:22 2023 UTC (12 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.31: +24 -21 lines
Diff to previous 1.31 (colored)

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Revision 1.31 / (download) - annotate - [select for diffs], Wed May 3 10:22:30 2023 UTC (13 months ago) by tb
Branch: MAIN
Changes since 1.30: +2 -1 lines
Diff to previous 1.30 (colored)

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Revision 1.30 / (download) - annotate - [select for diffs], Wed Apr 26 16:32:41 2023 UTC (13 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric label output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Revision 1.29 / (download) - annotate - [select for diffs], Wed Mar 15 11:09:34 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.28: +7 -1 lines
Diff to previous 1.28 (colored)

Show MFTs as part of the signature path

no objection tb@

Revision 1.28 / (download) - annotate - [select for diffs], Mon Mar 13 21:01:06 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

Don't lookup the signature path's expiry for trust anchor certs

Revision 1.27 / (download) - annotate - [select for diffs], Mon Mar 13 20:55:14 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.26: +4 -1 lines
Diff to previous 1.26 (colored)

In filemode, also print details for .cer certificates

Revision 1.26 / (download) - annotate - [select for diffs], Mon Mar 13 19:51:49 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.25: +28 -7 lines
Diff to previous 1.25 (colored)

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

Revision 1.25 / (download) - annotate - [select for diffs], Mon Mar 13 18:02:58 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.24: +30 -7 lines
Diff to previous 1.24 (colored)

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Revision 1.24 / (download) - annotate - [select for diffs], Mon Mar 13 15:50:40 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.23: +6 -6 lines
Diff to previous 1.23 (colored)

Merge calling print_certification_path() into adjacent else branch

OK tb@

Revision 1.23 / (download) - annotate - [select for diffs], Mon Mar 13 13:42:01 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.22: +32 -42 lines
Diff to previous 1.22 (colored)

Refactor what's printed when in filemode

OK tb@

Revision 1.22 / (download) - annotate - [select for diffs], Sun Mar 12 12:11:45 2023 UTC (14 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.21: +41 -41 lines
Diff to previous 1.21 (colored)

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Revision 1.21 / (download) - annotate - [select for diffs], Tue Mar 7 14:49:32 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.20: +7 -3 lines
Diff to previous 1.20 (colored)

Improve decoded content printing in filemode

Looks reasonable claudio@

Revision 1.20 / (download) - annotate - [select for diffs], Fri Mar 3 16:19:05 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.19: +34 -7 lines
Diff to previous 1.19 (colored)

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Revision 1.19 / (download) - annotate - [select for diffs], Fri Jan 6 16:06:43 2023 UTC (17 months ago) by claudio
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Revision 1.18 / (download) - annotate - [select for diffs], Tue Nov 29 10:33:09 2022 UTC (18 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.17: +13 -5 lines
Diff to previous 1.17 (colored)

Return an error string instead of suppressing the warning in valid_x509.
This way manifests can show a better error message when something fails.
With and OK tb@

Revision 1.17 / (download) - annotate - [select for diffs], Sat Nov 26 12:02:37 2022 UTC (18 months, 1 week ago) by job
Branch: MAIN
Changes since 1.16: +14 -1 lines
Diff to previous 1.16 (colored)

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Revision 1.16 / (download) - annotate - [select for diffs], Fri Nov 4 17:39:36 2022 UTC (19 months ago) by job
Branch: MAIN
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Revision 1.15 / (download) - annotate - [select for diffs], Wed Nov 2 12:43:02 2022 UTC (19 months ago) by job
Branch: MAIN
Changes since 1.14: +11 -1 lines
Diff to previous 1.14 (colored)

Add support for draft-ietf-sidrops-signed-tal-12

Add support for validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Revision 1.14 / (download) - annotate - [select for diffs], Tue Sep 6 11:16:51 2022 UTC (21 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.13: +5 -2 lines
Diff to previous 1.13 (colored)

Properly free memory in filemode

OK tb@

Revision 1.13 / (download) - annotate - [select for diffs], Tue Aug 30 18:56:49 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
Changes since 1.12: +22 -3 lines
Diff to previous 1.12 (colored)

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Revision 1.12 / (download) - annotate - [select for diffs], Thu Aug 25 18:12:05 2022 UTC (21 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.11: +2 -3 lines
Diff to previous 1.11 (colored)

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

Revision 1.11 / (download) - annotate - [select for diffs], Thu Aug 25 17:31:26 2022 UTC (21 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.10: +23 -2 lines
Diff to previous 1.10 (colored)

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Revision 1.10 / (download) - annotate - [select for diffs], Thu Aug 25 17:11:34 2022 UTC (21 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.9: +3 -5 lines
Diff to previous 1.9 (colored)

Fix newline in JSON filemode

OK tb@

Revision 1.9 / (download) - annotate - [select for diffs], Thu Aug 25 11:07:28 2022 UTC (21 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

Plug memory leak in filemode

OK tb@ claudio@

Revision 1.8 / (download) - annotate - [select for diffs], Fri Aug 19 12:45:53 2022 UTC (21 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part of ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

Revision 1.7 / (download) - annotate - [select for diffs], Wed May 11 14:42:01 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.6: +9 -2 lines
Diff to previous 1.6 (colored)

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Revision 1.6 / (download) - annotate - [select for diffs], Mon May 9 17:02:34 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.5: +10 -1 lines
Diff to previous 1.5 (colored)

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
  3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
  the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

Revision 1.5 / (download) - annotate - [select for diffs], Sun Apr 24 22:26:44 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored)

zap extra blank line

Revision 1.4 / (download) - annotate - [select for diffs], Sun Apr 24 18:19:52 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

trailing whitespace

Revision 1.3 / (download) - annotate - [select for diffs], Sun Apr 24 12:25:25 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.2: +17 -3 lines
Diff to previous 1.2 (colored)

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Revision 1.2 / (download) - annotate - [select for diffs], Thu Apr 21 12:59:03 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.1: +49 -105 lines
Diff to previous 1.1 (colored)

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectively.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

Revision 1.1 / (download) - annotate - [select for diffs], Thu Apr 21 09:53:07 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@
