Up to [local] / src / usr.sbin / rpki-client
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.34 / (download) - annotate - [select for diffs], Wed Feb 21 09:17:06 2024 UTC (3 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.33: +61 -70 lines
Diff to previous 1.33 (colored)
rpki-client: remove the remaining struct parse With the exception of mft.c where there is an additional boolean, this struct carries a file name and a result. This means functions having struct parse in the signature can't be shared between files, which has been annoying. Simply pass file name and necessary info directly as a function parameter and add a small dance to handle the boolean in mft.c. ok job
Revision 1.33 / (download) - annotate - [select for diffs], Fri Feb 16 15:19:02 2024 UTC (3 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.32: +5 -5 lines
Diff to previous 1.32 (colored)
Rename fn into fileName to avoid name clash ok job
Revision 1.32 / (download) - annotate - [select for diffs], Fri Feb 16 15:15:02 2024 UTC (3 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.31: +8 -8 lines
Diff to previous 1.31 (colored)
Rename rsc into rsc_asn1 Should have been part of the previous commit. ok job
Revision 1.31 / (download) - annotate - [select for diffs], Tue Feb 13 22:44:21 2024 UTC (3 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.30: +8 -1 lines
Diff to previous 1.30 (colored)
Add explicit ASN1_ITEM_EXP prototypes In LibreSSL *_it are variables, in other implementations they might be a function. This helps squash compiler warnings in -portable. Related: https://github.com/openbsd/src/commit/65af98848fc7a42e34d470d10fc1db8e23f9db93 OK tb@
Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 5 19:23:58 2024 UTC (4 months ago) by job
Branch: MAIN
Changes since 1.29: +8 -1 lines
Diff to previous 1.29 (colored)
Check whether all data in eContent has been consumed It is possible that a given ASN.1 template generated d2i_*() function didn't consume all data, so there is a potential for malleability. The econtent is a sequence (which means it could be the concatenation of several DER "blobs"). d2i_*() would only deserialize the first one and not notice blobs following it. OK tb@
Revision 1.29 / (download) - annotate - [select for diffs], Fri Oct 13 12:06:49 2023 UTC (7 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)
Allow imposing constraints on RPKI trust anchors The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope. Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32. For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html With and OK tb@, OK claudio@
Revision 1.28 / (download) - annotate - [select for diffs], Mon Sep 25 11:08:45 2023 UTC (8 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.27: +3 -2 lines
Diff to previous 1.27 (colored)
Pass the talid to various parse functions This will be needed by an upcoming feature where we will need to know what trust anchor a given cert chains to. This doesn't change anything except the size of the diff. ok claudio job
Revision 1.27 / (download) - annotate - [select for diffs], Thu Jun 29 10:28:25 2023 UTC (11 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.26: +2 -3 lines
Diff to previous 1.26 (colored)
Retire log.c Convert all cryptowarnx() and cryptoerrx() to appropriate versions of warn() and err{,x}(). Neither users nor developers benefit from them. If we need better errors, we need to do some thinking. libcrypto won't do that for us. suggested by claudio ok job
Revision 1.26 / (download) - annotate - [select for diffs], Wed Jun 7 10:46:34 2023 UTC (12 months ago) by job
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
In anticipation of a bump of the ASPA eContent profile version, update valid_econtent_version() to allow for non-zero versions. OK tb@
Revision 1.25 / (download) - annotate - [select for diffs], Sun Mar 12 13:31:39 2023 UTC (14 months, 4 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)
zap a tab
Revision 1.24 / (download) - annotate - [select for diffs], Sun Mar 12 11:46:35 2023 UTC (14 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)
Initialize the local signtime variable in the individual *_parse() functions ok job
Revision 1.23 / (download) - annotate - [select for diffs], Fri Mar 10 12:44:56 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)
mechanical change, rename struct members to match the original X509 names OK tb@
Revision 1.22 / (download) - annotate - [select for diffs], Fri Mar 10 12:02:11 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.21: +4 -10 lines
Diff to previous 1.21 (colored)
Show the X.509 notBefore in filemode OK tb@
Revision 1.21 / (download) - annotate - [select for diffs], Thu Mar 9 15:40:41 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.20: +4 -2 lines
Diff to previous 1.20 (colored)
Fix segfault in filemode for RSC objects
Revision 1.20 / (download) - annotate - [select for diffs], Thu Mar 9 09:46:21 2023 UTC (15 months ago) by job
Branch: MAIN
Changes since 1.19: +3 -2 lines
Diff to previous 1.19 (colored)
Show CMS signing-time signed attribute in filemode OK tb@
Revision 1.19 / (download) - annotate - [select for diffs], Sat Nov 26 17:14:40 2022 UTC (18 months, 1 week ago) by job
Branch: MAIN
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)
Make error messages about 'inherit' elements in End-Entity certs consistent OK tb@
Revision 1.18 / (download) - annotate - [select for diffs], Wed Nov 2 12:46:49 2022 UTC (19 months ago) by job
Branch: MAIN
Changes since 1.17: +6 -6 lines
Diff to previous 1.17 (colored)
Reference RSC RFC-to-be instead of internet-draft
Revision 1.17 / (download) - annotate - [select for diffs], Wed Nov 2 10:04:41 2022 UTC (19 months ago) by tb
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
Fix x509_get_time() error checks Like most x509_* functions, x509_get_time() returns 0/1 on error/success, not -1/0. ok claudio job
Revision 1.16 / (download) - annotate - [select for diffs], Thu Oct 13 04:43:32 2022 UTC (19 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)
All of ROA, MFT, ASPA, and RSC define their respective 'version' field in ASN.1 as following: "version [0] INTEGER DEFAULT 0,". Each object profile preamble contains "DEFINITIONS EXPLICIT TAGS ::=". We didn't bump into any issue yet, because all Signed Objects are at version 0, which means the field is entirely omitted (including the tag, be it implicit or explicit). (From X.690 section 11.5: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value.") OK tb@
Revision 1.15 / (download) - annotate - [select for diffs], Sat Sep 3 14:40:09 2022 UTC (21 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.14: +6 -1 lines
Diff to previous 1.14 (colored)
Introduce x509_any_inherit() for objects which may not have inherit elements Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of the X509 certificate. OK tb@
Revision 1.14 / (download) - annotate - [select for diffs], Mon Aug 22 10:25:58 2022 UTC (21 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.13: +5 -2 lines
Diff to previous 1.13 (colored)
An RSC's EE cert mustn't have a SIA extension Explicitly forbidden in sections 2 and 5 of draft-ietf-sidrops-rpki-rsc-10. looks good to claudio
Revision 1.13 / (download) - annotate - [select for diffs], Fri Aug 19 12:45:53 2022 UTC (21 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.12: +10 -1 lines
Diff to previous 1.12 (colored)
Check the resources in ROAs and RSCs against EE certs The resources delegated in the RFC 3779 extensions of the EE cert for ROAs or RSCs can be a subset of the resources in the auth chain. So far we compared that the resources of ROAs and RSCs are covered by the auth chain, which is not entirely correct. Extract the necessary data from the EE cert into rpki-client's own data structures, then verify that the EE cert's resources cover the ones claimed in the ROA or RSC. Do this as part or ROA and RSC parsing, that the EE cert's resources are covered by the auth chain is checked in valid_x509() later on. All this is a bit more annoying and intrusive than it should be... ok claudio job
Revision 1.12 / (download) - annotate - [select for diffs], Fri Jun 10 10:41:09 2022 UTC (23 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)
Unify error messages on d2i failure for econtent
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jun 10 10:36:43 2022 UTC (23 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.10: +3 -20 lines
Diff to previous 1.10 (colored)
Dedup econtent version checks Since the ASN.1 template conversions, we have three copies of mostly dead code that validates that the econtent version is at its default value 0. Until a new standard bumps this version and we decide to support that, we're better off with only one copy of this code. ok claudio
Revision 1.10 / (download) - annotate - [select for diffs], Sun Jun 5 13:31:35 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.9: +1 -6 lines
Diff to previous 1.9 (colored)
Revert accidentally committed check
Revision 1.9 / (download) - annotate - [select for diffs], Sat Jun 4 02:14:21 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.8: +7 -2 lines
Diff to previous 1.8 (colored)
KNF nit
Revision 1.8 / (download) - annotate - [select for diffs], Wed Jun 1 10:59:21 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.7: +7 -1 lines
Diff to previous 1.7 (colored)
Limit the number of RSC checklist FileNameAndHash entries the same way as mft FileAndHash entries are checked. ok claudio job
Revision 1.7 / (download) - annotate - [select for diffs], Tue May 31 18:51:35 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)
I made non-trivial contributions to these files.
Revision 1.6 / (download) - annotate - [select for diffs], Tue May 31 18:45:14 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.5: +73 -73 lines
Diff to previous 1.5 (colored)
Shuffle two helper functions down. This way the helper functions appear in the order they are used in rsc_parse_econtent().
Revision 1.5 / (download) - annotate - [select for diffs], Tue May 31 18:40:15 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.4: +222 -495 lines
Diff to previous 1.4 (colored)
Rewrite rsc.c using ASN.1 templates This implements the constrained versions of the RFC 3779 structures since OpenSSL's 3779 API doesn't expose IPAddrBlocks. This way we can also avoid extra checks after walking the structs. Use the previously exposed sbgp_as_{id,range}() and sbgp_addr{,_range}() to remove a lot of copy-pasted code. While parsing ConstrainedASIdentifiers allocate only once and for ConstrainedIPAddrBlocks allocate once per address family instead of doing a reallocation for each asid or prefix. This removes the last explicit use of ASN1_TYPE and ASN1_SEQUENCE_ANY from rpki-client. ok claudio job
Revision 1.4 / (download) - annotate - [select for diffs], Sun May 15 16:43:35 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.3: +5 -4 lines
Diff to previous 1.3 (colored)
More KNF and whitespace fixes.
Revision 1.3 / (download) - annotate - [select for diffs], Sun May 15 15:00:53 2022 UTC (2 years ago) by deraadt
Branch: MAIN
Changes since 1.2: +4 -4 lines
Diff to previous 1.2 (colored)
whitespace spotted during read-thru
Revision 1.2 / (download) - annotate - [select for diffs], Tue May 10 07:41:37 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.1: +11 -17 lines
Diff to previous 1.1 (colored)
Validate RSC filenames Factor out POSIX portable filename check into a new valid_filename() and rename the previous valid_filename() to valid_mft_filename(). Fixes and supersedes imcomplete checks in the RSC code. Avoids truncation via strndup() in case of embedded NULs. input/ok claudio
Revision 1.1 / (download) - annotate - [select for diffs], Mon May 9 17:02:34 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Add preliminary support for decoding RSC objects in filemode This implements decoding support for draft-ietf-sidrops-rpki-rsc-06 There are three major outstanding issues: * The wire image might still change to conform to the more widely deployed 3779 API in libressl/openssl. IETF discussion ongoing. * Whether the resources listed in the ResourceBlock are contained within the EE's RFC 3779 extension is not hooked up yet. * There is a fair bit of duplicity between rsc.c and cert.c, look for XXX OK tb@