Up to [local] / src / usr.sbin / rpki-client
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.78 / (download) - annotate - [select for diffs], Fri May 24 12:57:20 2024 UTC (8 days, 8 hours ago) by tb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.77: +5 -5 lines
Diff to previous 1.77 (colored)
Update references to new and not quite so new RFCs Four warnings now contain "RFC 9582" rather than "RFC 6482bis". Also update some references to I-Ds. ok claudio
Revision 1.77 / (download) - annotate - [select for diffs], Wed Feb 21 09:17:06 2024 UTC (3 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.76: +43 -53 lines
Diff to previous 1.76 (colored)
rpki-client: remove the remaining struct parse With the exception of mft.c where there is an additional boolean, this struct carries a file name and a result. This means functions having struct parse in the signature can't be shared between files, which has been annoying. Simply pass file name and necessary info directly as a function parameter and add a small dance to handle the boolean in mft.c. ok job
Revision 1.76 / (download) - annotate - [select for diffs], Fri Feb 16 15:13:49 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.75: +8 -8 lines
Diff to previous 1.75 (colored)
Use _asn1 suffix for some aspa/mft/roa/rsc/tak This would otherwie clash with an upcoming replacement of struct parse. ok job
Revision 1.75 / (download) - annotate - [select for diffs], Fri Feb 16 11:55:42 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)
fix whitespace
Revision 1.74 / (download) - annotate - [select for diffs], Tue Feb 13 22:44:21 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.73: +5 -1 lines
Diff to previous 1.73 (colored)
Add explicit ASN1_ITEM_EXP prototypes In LibreSSL *_it are variables, in other implementations they might be a function. This helps squash compiler warnings in -portable. Related: https://github.com/openbsd/src/commit/65af98848fc7a42e34d470d10fc1db8e23f9db93 OK tb@
Revision 1.73 / (download) - annotate - [select for diffs], Mon Feb 5 19:23:58 2024 UTC (3 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.72: +8 -1 lines
Diff to previous 1.72 (colored)
Check whether all data in eContent has been consumed It is possible that a given ASN.1 template generated d2i_*() function didn't consume all data, so there is a potential for malleability. The econtent is a sequence (which means it could be the concatenation of several DER "blobs"). d2i_*() would only deserialize the first one and not notice blobs following it. OK tb@
Revision 1.72 / (download) - annotate - [select for diffs], Thu Dec 14 07:52:53 2023 UTC (5 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.71: +27 -4 lines
Diff to previous 1.71 (colored)
rpki-client: make IP address block checks stricter There are only two valid AFIs in this context, so check that we have one or two of them. We only accept the IPv4 and IPv6 AFIs in ip_add_afi_parse() and reject any SAFI, so enforce that neither AFI is repeated. This doesn't change things for certificates, where all this is implied by other checks combined. Making this explicit and match the logic needed for ROAs is a win. looks good to job ok claudio
Revision 1.71 / (download) - annotate - [select for diffs], Fri Oct 13 12:06:49 2023 UTC (7 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)
Allow imposing constraints on RPKI trust anchors The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope. Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32. For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html With and OK tb@, OK claudio@
Revision 1.70 / (download) - annotate - [select for diffs], Mon Sep 25 11:08:45 2023 UTC (8 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.69: +3 -2 lines
Diff to previous 1.69 (colored)
Pass the talid to various parse functions This will be needed by an upcoming feature where we will need to know what trust anchor a given cert chains to. This doesn't change anything except the size of the diff. ok claudio job
Revision 1.69 / (download) - annotate - [select for diffs], Thu Jun 29 10:28:25 2023 UTC (11 months ago) by tb
Branch: MAIN
Changes since 1.68: +2 -2 lines
Diff to previous 1.68 (colored)
Retire log.c Convert all cryptowarnx() and cryptoerrx() to appropriate versions of warn() and err{,x}(). Neither users nor developers benefit from them. If we need better errors, we need to do some thinking. libcrypto won't do that for us. suggested by claudio ok job
Revision 1.68 / (download) - annotate - [select for diffs], Wed Jun 7 10:46:34 2023 UTC (11 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)
In anticipation of a bump of the ASPA eContent profile version, update valid_econtent_version() to allow for non-zero versions. OK tb@
Revision 1.67 / (download) - annotate - [select for diffs], Tue May 23 06:42:08 2023 UTC (12 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.66: +11 -9 lines
Diff to previous 1.66 (colored)
Convert ASN1_INTEGER_get() to ASN1_INTEGER_get_uint64() The former is broken by design and should not be used. The latter allows for unambiguous error checking. Add a few casts to print uint64_t without the PRIu64 monstrosity. ok claudio
Revision 1.66 / (download) - annotate - [select for diffs], Wed Apr 26 16:32:41 2023 UTC (13 months ago) by claudio
Branch: MAIN
Changes since 1.65: +8 -7 lines
Diff to previous 1.65 (colored)
Improve accounting by tracking things by repo and tal. This fixes some wrong accounting for repositories that are referenced from more than one TAL. It changes the ometric lable output a little bit since there are repository metrics that no longer include the 'name' label. OK tb@
Revision 1.65 / (download) - annotate - [select for diffs], Sun Mar 12 11:54:56 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.64: +4 -4 lines
Diff to previous 1.64 (colored)
Refactor expiration calculation Unify common code paths which find the exact expiry moment into a new helper function. Additionally, the new helper offers more accuracy by checking more applicable CRLs whether their 'nextupdate' is 'sooner'. tb@ noted: The helper adds a multiplier of log(#crls), but that's certainly acceptable as it is still very cheap. OK tb@
Revision 1.64 / (download) - annotate - [select for diffs], Sun Mar 12 11:46:35 2023 UTC (14 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)
Initialize the local signtime variable in the individual *_parse() functions ok job
Revision 1.63 / (download) - annotate - [select for diffs], Fri Mar 10 12:44:56 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.62: +5 -5 lines
Diff to previous 1.62 (colored)
mechanical change, rename struct members to match the original X509 names OK tb@
Revision 1.62 / (download) - annotate - [select for diffs], Fri Mar 10 12:02:11 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.61: +3 -9 lines
Diff to previous 1.61 (colored)
Show the X.509 notBefore in filemode OK tb@
Revision 1.61 / (download) - annotate - [select for diffs], Thu Mar 9 18:53:24 2023 UTC (14 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.60: +2 -3 lines
Diff to previous 1.60 (colored)
Unwrap a few lines and zap a tab
Revision 1.60 / (download) - annotate - [select for diffs], Thu Mar 9 09:46:21 2023 UTC (14 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.59: +5 -2 lines
Diff to previous 1.59 (colored)
Show CMS signing-time signed attribute in filemode OK tb@
Revision 1.59 / (download) - annotate - [select for diffs], Thu Dec 15 12:02:29 2022 UTC (17 months, 2 weeks ago) by claudio
Branch: MAIN
Changes since 1.58: +13 -5 lines
Diff to previous 1.58 (colored)
Rework statistic collection to be per repository and add metric output option Many statistic values are now accounted by repository via repo_stat_inc() At end of the run sum_stats() accumulates these stats per TAL and globally. The new output file metrics is written when the -m output flag is specified. The metrics file is written in OpenMetrics format (with a few tweaks to allow node_exporter to parse the file as well). The ometric code is a copy from bgpctl(8) and should be kept in sync. OK tb@
Revision 1.58 / (download) - annotate - [select for diffs], Tue Nov 29 20:41:32 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.57: +1 -2 lines
Diff to previous 1.57 (colored)
Only include stdarg.h, if we call any of va_{start,end}() OK tb@
Revision 1.57 / (download) - annotate - [select for diffs], Sat Nov 26 17:14:40 2022 UTC (18 months ago) by job
Branch: MAIN
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
Make error messages about 'inherit' elements in End-Entity certs consistent OK tb@
Revision 1.56 / (download) - annotate - [select for diffs], Wed Nov 9 18:17:23 2022 UTC (18 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.55: +10 -2 lines
Diff to previous 1.55 (colored)
Error out if a ROA payload contains too many ipAddrBlocks The ASN.1 profile in draft-ietf-sidrops-rfc6482bis section 4 specifies that there must not be more than 2 ipAddrBlocks (one for IPv4, and one for IPv6). Compatible with all published ROAs. OK tb@
Revision 1.55 / (download) - annotate - [select for diffs], Fri Nov 4 09:43:13 2022 UTC (18 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.54: +7 -3 lines
Diff to previous 1.54 (colored)
Check the SIA signedObject in ROA/MFT/ASPA/TAK/GBR EE certificates Unfortunately we can't yet error out when accessMethods other than signedObject are encountered in the SubjectInformationAccess extension because there is pollution in the ecosystem. OK tb@
Revision 1.54 / (download) - annotate - [select for diffs], Wed Nov 2 10:04:41 2022 UTC (18 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.53: +2 -2 lines
Diff to previous 1.53 (colored)
Fix x509_get_time() error checks Like most x509_* functions, x509_get_time() returns 0/1 on error/success, not -1/0. ok claudio job
Revision 1.53 / (download) - annotate - [select for diffs], Thu Oct 13 04:43:32 2022 UTC (19 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)
All of ROA, MFT, ASPA, and RSC define their respective 'version' field in ASN.1 as following: "version [0] INTEGER DEFAULT 0,". Each object profile preamble contains "DEFINITIONS EXPLICIT TAGS ::=". We didn't bump into any issue yet, because all Signed Objects are at version 0, which means the field is entirely omitted (including the tag, be it implicit or explicit). (From X.690 section 11.5: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value.") OK tb@
Revision 1.52 / (download) - annotate - [select for diffs], Sat Sep 3 14:40:09 2022 UTC (20 months, 4 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.51: +6 -1 lines
Diff to previous 1.51 (colored)
Introduce x509_any_inherit() for objects which may not have inherit elements Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of the X509 certificate. OK tb@
Revision 1.51 / (download) - annotate - [select for diffs], Tue Aug 30 18:56:49 2022 UTC (21 months ago) by job
Branch: MAIN
Changes since 1.50: +3 -1 lines
Diff to previous 1.50 (colored)
Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10) ASPA objects are published in the RPKI and can be used to detect and mitigate BGP route leaks. Validated ASPA Payloads are visible through filemode (-f) and the JSON output format (-j). With feedback from tb@ OK claudio@ tb@
Revision 1.50 / (download) - annotate - [select for diffs], Fri Aug 19 12:45:53 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.49: +18 -7 lines
Diff to previous 1.49 (colored)
Check the resources in ROAs and RSCs against EE certs The resources delegated in the RFC 3779 extensions of the EE cert for ROAs or RSCs can be a subset of the resources in the auth chain. So far we compared that the resources of ROAs and RSCs are covered by the auth chain, which is not entirely correct. Extract the necessary data from the EE cert into rpki-client's own data structures, then verify that the EE cert's resources cover the ones claimed in the ROA or RSC. Do this as part or ROA and RSC parsing, that the EE cert's resources are covered by the auth chain is checked in valid_x509() later on. All this is a bit more annoying and intrusive than it should be... ok claudio job
Revision 1.49 / (download) - annotate - [select for diffs], Wed Aug 10 14:54:03 2022 UTC (21 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)
Clarify warning related to ROA eContent
Revision 1.48 / (download) - annotate - [select for diffs], Wed Aug 10 14:37:33 2022 UTC (21 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.47: +6 -1 lines
Diff to previous 1.47 (colored)
Disallow AS Resources extension on ROA EE certificates The ROA specification (RFC 6482 section 4) is a bit underspecified, however in the wild the RFC 3779 AS Resources extension never ever appears on ROA EE certificates, as it serves no purpose in the validation process. OK tb@
Revision 1.47 / (download) - annotate - [select for diffs], Fri Jun 10 10:36:43 2022 UTC (23 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.46: +3 -20 lines
Diff to previous 1.46 (colored)
Dedup econtent version checks Since the ASN.1 template conversions, we have three copies of mostly dead code that validates that the econtent version is at its default value 0. Until a new standard bumps this version and we decide to support that, we're better off with only one copy of this code. ok claudio
Revision 1.46 / (download) - annotate - [select for diffs], Tue May 31 18:51:35 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.45: +2 -1 lines
Diff to previous 1.45 (colored)
I made non-trivial contributions to these files.
Revision 1.45 / (download) - annotate - [select for diffs], Mon May 23 14:10:18 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)
Improve #ifdefs for STACK_OF() helpers. Discussed with claudio
Revision 1.44 / (download) - annotate - [select for diffs], Thu May 19 07:33:02 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)
Adjust or remove some stale comments
Revision 1.43 / (download) - annotate - [select for diffs], Thu May 19 06:37:51 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.42: +132 -254 lines
Diff to previous 1.42 (colored)
Rewrite mft.c and roa.c with ASN.1 templates The ASN.1 templates are a rather direct translation of the ASN.1 in the relevant RFCs and they allow deserializing the Manifest and ROA eContent in a single step instead of numerous opaque d2i_ASN1_SEQUENCE_ANY() calls. Once the eContent is deserialized, we can walk the structs, validate it as before and populate the internal data structures. Positive feedback job ok claudio
Revision 1.42 / (download) - annotate - [select for diffs], Sun May 15 16:43:35 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.41: +1 -2 lines
Diff to previous 1.41 (colored)
More KNF and whitespace fixes.
Revision 1.41 / (download) - annotate - [select for diffs], Tue May 10 07:28:43 2022 UTC (2 years ago) by job
Branch: MAIN
Changes since 1.40: +9 -5 lines
Diff to previous 1.40 (colored)
Improve control flow readability by removing 'else if' stanzas OK tb@ claudio@
Revision 1.40 / (download) - annotate - [select for diffs], Mon Apr 25 10:52:09 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)
Fix spelling error in warnx() Thanks Marco D'Itri
Revision 1.17.2.2 / (download) - annotate - [select for diffs], Sun Apr 10 07:37:52 2022 UTC (2 years, 1 month ago) by tb
Branch: OPENBSD_6_9
Changes since 1.17.2.1: +3 -3 lines
Diff to previous 1.17.2.1 (colored) to branchpoint 1.17 (colored) next main 1.18 (colored)
All times in the x509 are UTC so use timegm() and not mktime(). The latter will apply the timezone offset and so the further west the more probable you are to have problems with valid_from times. Fix from tb@ OK job@, benno@ and claudio@ this is errata/6.9/036_rpki.patch.sig
Revision 1.25.4.2 / (download) - annotate - [select for diffs], Sun Apr 10 07:37:27 2022 UTC (2 years, 1 month ago) by tb
Branch: OPENBSD_7_0
Changes since 1.25.4.1: +3 -3 lines
Diff to previous 1.25.4.1 (colored) to branchpoint 1.25 (colored) next main 1.26 (colored)
All times in the x509 are UTC so use timegm() and not mktime(). The latter will apply the timezone offset and so the further west the more probable you are to have problems with valid_from times. Fix from tb@ OK job@, benno@ and claudio@ this is errata/7.0/020_rpki.patch.sig
Revision 1.39 / (download) - annotate - [select for diffs], Fri Apr 1 17:22:07 2022 UTC (2 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.38: +7 -4 lines
Diff to previous 1.38 (colored)
Change x509_get_aki(), x509_get_ski(), x509_get_aia(), and x509_get_crl() to work more like x509_get_expire(). They will return an error if the extension extraction failed but not if it was not present. The callers must now do that check but most did already. With this cert_parse_inner() no longer cares about TA vs non-TA certs. Feedback and OK tb@
Revision 1.38 / (download) - annotate - [select for diffs], Thu Feb 10 15:33:47 2022 UTC (2 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.37: +2 -9 lines
Diff to previous 1.37 (colored)
Implement some code to print crls with -f. For this introduce x509_get_time() that converts a ASN1_TIME to time_t. Also move time2str() to print.c where it makes more sense. This needs more work but that will happen in tree. OK tb@
Revision 1.37 / (download) - annotate - [select for diffs], Tue Jan 18 16:29:06 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.36: +1 -1 lines
Diff to previous 1.36 (colored)
More fixing. Previous revert was incomplete.
Revision 1.36 / (download) - annotate - [select for diffs], Tue Jan 18 16:18:22 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.35: +2 -2 lines
Diff to previous 1.35 (colored)
Kill extra newline
Revision 1.35 / (download) - annotate - [select for diffs], Tue Jan 18 13:06:43 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.34: +2 -10 lines
Diff to previous 1.34 (colored)
Cleanup the scattered OBJ_txt2obj() calls and move them into x509_init_oid() to initalize all necessary OID objects at start. OK tb@
Revision 1.34 / (download) - annotate - [select for diffs], Wed Dec 22 08:44:15 2021 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.33: +4 -3 lines
Diff to previous 1.33 (colored)
The maxlength is optional in roa entries. By setting it to the address prefixlen before looking for the optional maxlength attribute the code can be simplified and a ternary expression can be removed. OK tb@ job@
Revision 1.33 / (download) - annotate - [select for diffs], Fri Dec 3 12:56:19 2021 UTC (2 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.32: +6 -1 lines
Diff to previous 1.32 (colored)
Apply the same MAX_IP_SIZE limit to ROA files as it is done on certificates. OK job@ tb@
Revision 1.17.2.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:41:19 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.17: +99 -80 lines
Diff to previous 1.17 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors. This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including: * Make rpki-client more resilient regarding untrusted input: - fail repository synchronisation after 15min runtime - limit the number of publication points per TAL - don't allow DOCTYPE definitions in RRDP XML files - fix detection of HTTP redirect loops. * limit the number of concurrent rsync processes. * fix CRLF in tal files. This is patches/6.9/common/021_rpki.patch.sig
Revision 1.25.4.1 / (download) - annotate - [select for diffs], Tue Nov 9 13:40:32 2021 UTC (2 years, 6 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.25: +27 -49 lines
Diff to previous 1.25 (colored)
rpki-client(8) should handle CA misbehaviours as soft-errors. This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40 2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including: * Make rpki-client more resilient regarding untrusted input: - fail repository synchronisation after 15min runtime - limit the number of publication points per TAL - don't allow DOCTYPE definitions in RRDP XML files - fix detection of HTTP redirect loops. * limit the number of concurrent rsync processes. * fix CRLF in tal files. This is patches/7.0/common/004_rpki.patch.sig
Revision 1.32 / (download) - annotate - [select for diffs], Fri Nov 5 10:50:41 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.31: +3 -19 lines
Diff to previous 1.31 (colored)
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
Revision 1.31 / (download) - annotate - [select for diffs], Thu Nov 4 11:32:55 2021 UTC (2 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.30: +15 -20 lines
Diff to previous 1.30 (colored)
Instead of passing tal descriptions around just pass a tal id and use a small lookup table to print the description in the output path. OK tb@
Revision 1.30 / (download) - annotate - [select for diffs], Thu Oct 28 09:02:19 2021 UTC (2 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.29: +3 -4 lines
Diff to previous 1.29 (colored)
Don't exit in certain cases on failures to parse x509 objects. In most cases we already warn and continue if someone sends us malformed x509 objects. This makes this consistent behaviour in all places so that if someone passes in bogus X509, We end up failing their entry and continuing rather than exiting. We still exit on memory/system failures so that a future run of rpki client can simply do better when the machine is perhaps less hammered on ok job@ claudio@
Revision 1.29 / (download) - annotate - [select for diffs], Wed Oct 27 21:56:58 2021 UTC (2 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)
Add limits on size of certain untrusted inputs ok job@
Revision 1.28 / (download) - annotate - [select for diffs], Tue Oct 26 10:52:50 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)
Change CMS and CRL d2i functions from their BIO version to passing the der buffer instead. The file are loaded early in the entity processing loop. OK tb@
Revision 1.27 / (download) - annotate - [select for diffs], Sat Oct 23 16:06:04 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.26: +15 -15 lines
Diff to previous 1.26 (colored)
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
Revision 1.26 / (download) - annotate - [select for diffs], Thu Oct 7 08:28:45 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
mktime() may not properly set errno on error. Just use errx() instead. Noticed by benno@, OK tb@
Revision 1.25 / (download) - annotate - [select for diffs], Thu Sep 9 14:15:49 2021 UTC (2 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.24: +10 -3 lines
Diff to previous 1.24 (colored)
Rework how various OIDs are compared in the code. Instead of converting the ASN1_OBJECT into a string and comparing the strings, convert the string into an ASN1_OBJECT once and then compare these objects with OBJ_cmp(). Makes the code a bit easier to read and removes some repetitive conversions. With input and OK tb@
Revision 1.24 / (download) - annotate - [select for diffs], Wed Sep 8 16:37:20 2021 UTC (2 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.23: +7 -5 lines
Diff to previous 1.23 (colored)
The number of elements being processed is known upfront. So allocate the storage needed outside of the loop. This reduces the number of recallocarray calls. OK tb@
Revision 1.23 / (download) - annotate - [select for diffs], Sun Aug 1 22:29:49 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.22: +3 -8 lines
Diff to previous 1.22 (colored)
%i is going out of vogue, use %d instead also clean up a comment OK tb@
Revision 1.22 / (download) - annotate - [select for diffs], Wed Jul 28 12:32:14 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.21: +15 -13 lines
Diff to previous 1.21 (colored)
Add more checks for ROA maxLength values * maxLength may not be zero or negative * maxLength can't be lower than the prefixlength of ip_addr * maxLength can't be higher than the maximum prefix length OK claudio@
Revision 1.21 / (download) - annotate - [select for diffs], Tue Jul 13 18:39:39 2021 UTC (2 years, 10 months ago) by job
Branch: MAIN
Changes since 1.20: +19 -6 lines
Diff to previous 1.20 (colored)
Add more checks for eContent 'version' fields. Input from deraadt@, tb@, claudio@ OK deraadt@ claudio@ tb@
Revision 1.20 / (download) - annotate - [select for diffs], Mon Jun 14 12:08:50 2021 UTC (2 years, 11 months ago) by job
Branch: MAIN
Changes since 1.19: +4 -20 lines
Diff to previous 1.19 (colored)
Fix ROA & MFT version check handling This check was incomplete: to correctly verify the ASN1 INTEGER holding the version component, first the context specific explicit tag would need to be checked. However, the X.690 spec (section 11.5) states that if the one should not encode a component if it is the default value. There are no RFCs specifying new versions of ROA or MFT, so checking the content of the version component should be skipped entirely. Thus if the version component is present, something is wrong.
Revision 1.19 / (download) - annotate - [select for diffs], Tue May 11 11:32:51 2021 UTC (3 years ago) by claudio
Branch: MAIN
Changes since 1.18: +2 -1 lines
Diff to previous 1.18 (colored)
Before calling ASN1_time_parse() initialize the struct tm. While recent libressl version initalise the struct tm properly older versions did not and so -portable runs into problem on systems with older libressl versions installed. Problem found by job@ OK tb@
Revision 1.18 / (download) - annotate - [select for diffs], Thu May 6 17:03:57 2021 UTC (3 years ago) by job
Branch: MAIN
Changes since 1.17: +43 -6 lines
Diff to previous 1.17 (colored)
Add an 'expires' column to CSV & JSON output The 'expires' value contains a reasonable earliest moment a VRP would expire, in light of the currently available set of CAs and CRLs. The 'expires' value can be used to avoid route selection based on stale data when generating VRP sets, when faced with loss of communication between consumer and valdiator, or validator and CA repository. OK claudio@
Revision 1.17 / (download) - annotate - [select for diffs], Mon Mar 29 06:50:44 2021 UTC (3 years, 2 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.16: +10 -3 lines
Diff to previous 1.16 (colored)
Inline x509_get_extensions() and remove it Since aia, aki and ski are all represented by char *, this is an error-prone interface - as found by job. The function doesn't do much anyway. ok claudio
Revision 1.16 / (download) - annotate - [select for diffs], Sat Mar 27 18:12:15 2021 UTC (3 years, 2 months ago) by job
Branch: MAIN
Changes since 1.15: +3 -3 lines
Diff to previous 1.15 (colored)
Send arguments in alphabetical order OK tb@
Revision 1.15 / (download) - annotate - [select for diffs], Fri Feb 19 12:18:23 2021 UTC (3 years, 3 months ago) by tb
Branch: MAIN
Changes since 1.14: +3 -4 lines
Diff to previous 1.14 (colored)
Convert reallocarray + memset to recallocarray. ok claudio
Revision 1.14 / (download) - annotate - [select for diffs], Tue Feb 16 07:58:30 2021 UTC (3 years, 3 months ago) by job
Branch: MAIN
Changes since 1.13: +7 -3 lines
Diff to previous 1.13 (colored)
get Authority Information Access (AIA) from CA & EE certs In the context of the RPKI, the AIA extension identifies the publication point of the certificate of the issuer of the certificate in which the extension appears. A single reference to the publication point of the immediate superior certificate MUST be present, except for a "self-signed" certificate. Thanks tb@ for review OK claudio@
Revision 1.13 / (download) - annotate - [select for diffs], Thu Feb 4 08:58:19 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.12: +4 -1 lines
Diff to previous 1.12 (colored)
Eventhough most openssl includes include everything try to be a bit more explicit about what is used where. Seems to be the least worst solution.
Revision 1.12 / (download) - annotate - [select for diffs], Fri Jan 29 10:13:16 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.11: +4 -6 lines
Diff to previous 1.11 (colored)
A while ago rpki-client was changed to validate the sha256 hashes of files referenced in MFT files during the validation of the MFT file. An MFT is only valid if all files are present and their hashes are valid. Because of this there is no longer the need to check the hash when these files are parsed later on. Remove these checks for CRT, ROA and CRL files. Use the presence of the pkey when parsing cert files to decide if it is a root cert or not. OK tb@
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jan 8 08:09:07 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.10: +13 -17 lines
Diff to previous 1.10 (colored)
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
Revision 1.10 / (download) - annotate - [select for diffs], Mon Dec 21 11:35:55 2020 UTC (3 years, 5 months ago) by claudio
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)
Now that a NULL string is marshalled as NULL again we can drop some extra has_xyz integers to indicate if the following buffer is present or not. At the same time sprinkle some asserts for strings which must be not NULL. OK tb@
Revision 1.9 / (download) - annotate - [select for diffs], Sat Sep 12 15:46:48 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.8: +1 -3 lines
Diff to previous 1.8 (colored)
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
Revision 1.8 / (download) - annotate - [select for diffs], Fri Nov 29 05:14:11 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.7: +7 -7 lines
Diff to previous 1.7 (colored)
not a backout commit s/EXIT_FAILURE/1/ ok claudio@
Revision 1.7 / (download) - annotate - [select for diffs], Mon Nov 18 08:38:27 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.6: +6 -1 lines
Diff to previous 1.6 (colored)
Add and fix some comments. From kristaps@
Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 16 17:37:46 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.5: +3 -2 lines
Diff to previous 1.5 (colored)
Set the maxlength to either the prefixlen itself or the value from the ROA. This way maxlength will always be set to a reasonable value and there is no need to use a conditional to print the value.
Revision 1.5 / (download) - annotate - [select for diffs], Tue Oct 8 10:04:36 2019 UTC (4 years, 7 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.4: +69 -1 lines
Diff to previous 1.4 (colored)
Rewrite the output handling of rpki-client and add an option to dump the data in JSON format. To make the JSON output the same as the output of the RIPE rpki-validator the basename of the TAL had to be added and passed around in rpki-client. Additinally the VRPs are now stored in an RB tree in the main process instead of keeping them per ROA object. This changes the sort order to be in network order and no longer just lexographical. Agreed by job@ deraadt@
Revision 1.4 / (download) - annotate - [select for diffs], Wed Jun 19 16:30:37 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +1 -1 lines
Diff to previous 1.3 (colored)
use $OpenBSD$ headers
Revision 1.3 / (download) - annotate - [select for diffs], Wed Jun 19 04:21:43 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +66 -74 lines
Diff to previous 1.2 (colored)
indentation adjustments, in particular near warn statements ok claudio
Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 17 15:04:59 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +1 -2 lines
Diff to previous 1.1 (colored)
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Jun 17 14:31:31 2019 UTC (4 years, 11 months ago) by job
Branch: job
CVS Tags: job_20190617
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
Import Kristaps Dzonsons' RPKI validator into the tree rpki-client(1) is an implementation of the Resource Public Key Infrastructure (RPKI), specified by RFC 6480. The client is responsible for downloading, validating and converting Route Origin Authorisations (ROAs) into Validated ROA Payloads (VRPs). The client's output (VRPs) can be used by bgpd(8) to perform BGP Origin Validation (RFC 6811). The current rpki-client(1) version depends on the CMS functions in OpenSSL, this of course needs to be addressed urgently. Thanks to NetNod, IIS.SE, SUNET & 6connect for supporting this effort! OK deraadt@
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jun 17 14:31:31 2019 UTC (4 years, 11 months ago) by job
Branch: MAIN
Initial revision