OpenBSD CVS

CVS log for src/usr.sbin/rpki-client/validate.c




Default branch: MAIN


Revision 1.74, Mon May 20 15:51:43 2024 UTC (3 weeks ago) by claudio
Branch: MAIN
CVS Tags: HEAD
Changes since 1.73: +1 -47 lines

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

Revision 1.73, Tue Mar 19 05:04:13 2024 UTC (2 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.72: +5 -5 lines

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Revision 1.72, Thu Feb 22 12:49:42 2024 UTC (3 months, 2 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.71: +17 -1 lines

Add support for RPKI Signed Prefix Lists

Signed Prefix Lists are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Revision 1.71, Thu Feb 1 15:11:38 2024 UTC (4 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.70: +2 -2 lines

Normalize the nid printing

OBJ_nid2* can return NULL if the gloriously consistent objects.txt
database doesn't specify a long or a short name. So try the long name
first, fall back to the short name, and if both fail, use "unknown".
Always include the nid as a decimal.

ok claudio

Revision 1.70, Sun Jan 7 09:48:03 2024 UTC (5 months ago) by tb
Branch: MAIN
Changes since 1.69: +26 -1 lines

rpki-client: print revocation time in filemode

If a certificate was revoked, extract the revocation timestamp and
update the warning message in filemode to include it.

ok job

Revision 1.69, Wed Dec 27 07:15:55 2023 UTC (5 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.68: +5 -60 lines

Rework the warnings on internet resources

Unify the printing of warnings about AS numbers and IP address blocks to
use a call to as_warn() and ip_warn(). Fix a bug in the latter where the
upper bound of an IP range didn't take the RFC 3779 encoding into account
and passed the address directly to inet_pton() rather than filling the
missing bits with 1. Switch the argument order to match the warnings and
tweak some warning messages.

ok claudio job
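
A worked illustration of the RFC 3779 encoding point in the commit above, added here as an example and not taken from rpki-client: an IPAddress is a DER BIT STRING with its trailing bits omitted, so the upper bound of a range has to be completed with 1 bits before it is compared or printed. The function names and the sample range 192.0.2.0-192.0.2.127 are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Expand an RFC 3779 IPAddress BIT STRING into a full address of addrlen
 * octets. data/len are the content octets following the DER "unused bits"
 * byte, unused (0..7) is that byte's value. RFC 3779 drops trailing zero
 * bits from the lower bound of a range and trailing one bits from the upper
 * bound, so the omitted bits are completed with 0 for min and with 1 for max
 * (fill_ones). Returns false on a malformed encoding.
 */
bool
rfc3779_expand_addr(const unsigned char *data, size_t len, unsigned unused,
    bool fill_ones, unsigned char *out, size_t addrlen)
{
	unsigned char mask;

	if (len > addrlen || unused > 7 || (len == 0 && unused != 0))
		return false;
	/* Every octet past the encoded ones is all-zero or all-one. */
	memset(out, fill_ones ? 0xff : 0x00, addrlen);
	if (len == 0)
		return true;
	memcpy(out, data, len);
	/* The unused low-order bits of the last encoded octet follow suit. */
	mask = (unsigned char)((1u << unused) - 1);
	if (fill_ones)
		out[len - 1] |= mask;
	else
		out[len - 1] &= (unsigned char)~mask;
	return true;
}

/* IPv4 wrapper: the address as a host-order value, or -1 on bad input. */
int64_t
rfc3779_expand_v4(const unsigned char *data, size_t len, unsigned unused,
    bool fill_ones)
{
	unsigned char a[4];

	if (!rfc3779_expand_addr(data, len, unused, fill_ones, a, sizeof(a)))
		return -1;
	return ((int64_t)a[0] << 24) | ((int64_t)a[1] << 16) |
	    ((int64_t)a[2] << 8) | (int64_t)a[3];
}

/*
 * Format an IPv4 IPAddressRange as "min-max". Passing the upper bound
 * through with fill_ones == false is the mistake described above: the
 * range 192.0.2.0-192.0.2.127 would then print as 192.0.2.0-192.0.2.0.
 */
int
rfc3779_v4_range_str(const unsigned char *minenc, size_t minlen,
    unsigned minunused, const unsigned char *maxenc, size_t maxlen,
    unsigned maxunused, char *buf, size_t bufsz)
{
	int64_t lo = rfc3779_expand_v4(minenc, minlen, minunused, false);
	int64_t hi = rfc3779_expand_v4(maxenc, maxlen, maxunused, true);

	if (lo < 0 || hi < 0 || lo > hi)
		return -1;
	return snprintf(buf, bufsz, "%u.%u.%u.%u-%u.%u.%u.%u",
	    (unsigned)(lo >> 24), (unsigned)((lo >> 16) & 0xff),
	    (unsigned)((lo >> 8) & 0xff), (unsigned)(lo & 0xff),
	    (unsigned)(hi >> 24), (unsigned)((hi >> 16) & 0xff),
	    (unsigned)((hi >> 8) & 0xff), (unsigned)(hi & 0xff));
}

int
main(void)
{
	/*
	 * Constructed sample, not taken from a real certificate: the range
	 * 192.0.2.0-192.0.2.127. min is "c0 00 02" with no unused bits (the
	 * trailing zero octet is dropped), max is "c0 00 02 00" with 7 unused
	 * bits (the seven trailing one bits of 0x7f are dropped).
	 */
	const unsigned char minenc[] = { 0xc0, 0x00, 0x02 };
	const unsigned char maxenc[] = { 0xc0, 0x00, 0x02, 0x00 };
	char buf[64];

	if (rfc3779_v4_range_str(minenc, sizeof(minenc), 0, maxenc,
	    sizeof(maxenc), 7, buf, sizeof(buf)) < 0)
		return 1;
	printf("%s\n", buf);	/* 192.0.2.0-192.0.2.127 */
	return 0;
}
```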

Revision 1.68, Thu Oct 19 17:05:55 2023 UTC (7 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.67: +55 -14 lines

Add experimental support for secp256r1 aka P-256 aka prime256v1

ECDSA signatures are much smaller than RSA signatures while offering
similar security. Adding support for P-256 now allows CA developers
to test their implementations, and paves the way for signers in the
production environment in the future to take advantage of ECDSA.

OK tb@

Revision 1.67, Mon Sep 25 08:48:14 2023 UTC (8 months, 2 weeks ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.66: +58 -42 lines

Introduce ip_addr_range_print() to avoid code repetition

OK tb@

Revision 1.66, Thu Jun 29 10:28:25 2023 UTC (11 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.65: +5 -5 lines

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Revision 1.65, Wed Jun 7 11:09:08 2023 UTC (12 months ago) by tb
Branch: MAIN
Changes since 1.64: +7 -3 lines

Cosmetic tweak for previous

Once we expect ASPA version 1 and someone sends us version 0, make that
explicit instead of complaining about ASN1_INTEGER_get_uint64() failing.

ok job

Revision 1.64, Wed Jun 7 10:46:34 2023 UTC (12 months ago) by job
Branch: MAIN
Changes since 1.63: +12 -8 lines

In anticipation of a bump of the ASPA eContent profile version, update
valid_econtent_version() to allow for non-zero versions.

OK tb@

Revision 1.63, Tue May 30 12:14:48 2023 UTC (12 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.62: +2 -2 lines

Revert commitid ANSBO0rBvIUtTi45:
   Make rpki-client choose the verification time of the time it is invoked
   rather than always getting the current system time for every certificate
   verification. This will result in output that is not variable on run-time.

Using the time of invocation does not work well with fast publishing CAs. It
can take a few minutes to reach a repo and that CA may have issued certificates
that are not yet valid if that startup time of rpki-client is used to validate.

This still keeps the -P option to specify a fixed validation time.
OK beck@ job@ tb@

Revision 1.62, Tue May 23 06:42:08 2023 UTC (12 months, 2 weeks ago) by tb
Branch: MAIN
Changes since 1.61: +6 -5 lines

Convert ASN1_INTEGER_get() to ASN1_INTEGER_get_uint64()

The former is broken by design and should not be used. The latter allows
for unambiguous error checking. Add a few casts to print uint64_t without
the PRIu64 monstrosity.

ok claudio

Revision 1.45.2.1, Wed May 17 19:24:06 2023 UTC (12 months, 3 weeks ago) by tb
Branch: OPENBSD_7_2
Changes since 1.45: +3 -1 lines

In valid_cert() also skip the check for CERT_IP_INHERIT objects like
it is done for CERT_AS_INHERIT.

Without this, inheritance of IP address resources does not work. Problem
noticed by Ties de Kock (tdekock (at) ripe.net)

OK job@ tb@ benno@
from claudio

This is errata/7.2/025_rpki.patch

Revision 1.55.4.1, Wed May 17 19:23:05 2023 UTC (12 months, 3 weeks ago) by tb
Branch: OPENBSD_7_3
Changes since 1.55: +3 -1 lines

In valid_cert() also skip the check for CERT_IP_INHERIT objects like
it is done for CERT_AS_INHERIT.

Without this, inheritance of IP address resources does not work. Problem
noticed by Ties de Kock (tdekock (at) ripe.net)

OK job@ tb@ benno@
from claudio
This is errata/7.3/003_rpki.patch.sig

Revision 1.61, Thu May 11 14:05:31 2023 UTC (13 months ago) by claudio
Branch: MAIN
Changes since 1.60: +3 -1 lines

In valid_cert() also skip the check for CERT_IP_INHERIT objects like
it is done for CERT_AS_INHERIT.

Without this, inheritance of IP address resources does not work. Problem
noticed by Ties de Kock (tdekock (at) ripe.net)

OK job@ tb@ benno@

Revision 1.60, Tue May 9 10:34:32 2023 UTC (13 months ago) by tb
Branch: MAIN
Changes since 1.59: +33 -13 lines

rpki-client: use partial chains in certificate validation

The generally rather poor quality RFC 3779 code in libcrypto also performs
abysmally. Flame graphs show that nearly 20% of the parser process is spent
in addr_contains() alone. There is room for improvement in addr_contains()
itself - the containment check for prefixes could be optimized quite a bit.
We can avoid a lot of the most expensive work for certificates with tons of
resources close to the TA by using the verifier's partial chains flag.

More precisely, in the tree of already validated certs look for the first
one that has no inherited RFC 3779 resources and use that as 'trust anchor'
for our chains via the X509_V_FLAG_PARTIAL_CHAIN flag. This way we can be
sure that a leaf's delegated resources are properly covered and at the same
time significantly shorten most paths validated.

Job's and my testing indicates that this avoids 30-50% of overhead and works
equally well with LibreSSL and OpenSSL >= 1.1. The main bottlenecks in the
parser process now appear to be SHA-2 and RSA/BIGNUM, two well-known pain
points in libcrypto.

This is based on a hint by beck and was discussed extensively with beck,
claudio and job during and after m2k23.

ok claudio job

Revision 1.59, Thu Apr 27 08:37:53 2023 UTC (13 months, 2 weeks ago) by beck
Branch: MAIN
Changes since 1.58: +2 -2 lines

Make rpki-client choose the verification time of the time it is invoked
rather than always getting the current system time for every certificate
verification. This will result in output that is not variable on run-time.

ok tb@ claudio@

Revision 1.58, Wed Apr 26 22:05:28 2023 UTC (13 months, 2 weeks ago) by beck
Branch: MAIN
Changes since 1.57: +2 -1 lines

Add a -P option to rpki-client to specify the evaluation time

This is intended to be able to test rpki-client in a reproducible
way without worrying about the system time changing the results

ok claudio@

Revision 1.57, Fri Apr 14 00:23:16 2023 UTC (13 months, 4 weeks ago) by tb
Branch: MAIN
Changes since 1.56: +2 -2 lines

A tab snuck in

Revision 1.56, Thu Apr 13 17:04:02 2023 UTC (13 months, 4 weeks ago) by job
Branch: MAIN
Changes since 1.55: +12 -5 lines

Check whether products listed on a manifest were issued by the same authority as the manifest itself

OK tb@

Revision 1.55, Mon Mar 6 16:04:52 2023 UTC (15 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE
Branch point for: OPENBSD_7_3
Changes since 1.54: +42 -1 lines

Add check for RSA key pair modulus & public exponent

Both the SPKI inside a CA's .cer TBS section and Signers wrapped in CMS
must be RSA, with mod 2048 & (e) 0x10001

OK tb@

Revision 1.54, Wed Jan 18 18:12:20 2023 UTC (16 months, 3 weeks ago) by job
Branch: MAIN
Changes since 1.53: +1 -3 lines

Require version 4 UUIDs as RRDP session IDs

OK tb@

Revision 1.53, Wed Jan 18 00:27:10 2023 UTC (16 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.52: +2 -1 lines

rpki-client: explicitly enable policy checks

In x509_verify.c r1.62, beck disabled policy checks by default in the new
X.509 verifier to match the behavior of the legacy validator and OpenSSL.
In order to keep policy checks as mandated by RFC 7318, we need to opt
into them explicitly.

ok beck

Revision 1.52, Wed Jan 4 14:22:43 2023 UTC (17 months ago) by claudio
Branch: MAIN
Changes since 1.51: +44 -1 lines

Validate the session_id to be a real UUID.

RFC 8182 requires the session_id to be a version 4 random UUID (using
variant 1). Now checking the version and variant is currently disabled
because there is at least one CA with a session_id that is all random
and therefore the version check triggers there.
Joint work with job@. OK job@, tb@
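
The RFC 8182 session_id rule the commit refers to, as an added example in C that is not rpki-client's code: RFC 4122 places the version in the hex digit at offset 14 of the textual form and the variant in the top two bits of the digit at offset 19, so a version 4, variant 1 UUID needs a '4' at offset 14 and one of 8, 9, a, b at offset 19. The strict flag stands in for the disabled version/variant check mentioned above; function names and the sample ids are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Textual UUID syntax: 36 characters, hyphens at offsets 8, 13, 18 and 23,
 * hex digits everywhere else. The length is passed in explicitly so the
 * check never relies on a NUL terminator being present in the XML data.
 */
static bool
uuid_syntax_ok(const char *s, size_t len)
{
	size_t i;

	if (len != 36)
		return false;
	for (i = 0; i < len; i++) {
		if (i == 8 || i == 13 || i == 18 || i == 23) {
			if (s[i] != '-')
				return false;
		} else if (!isxdigit((unsigned char)s[i]))
			return false;
	}
	return true;
}

/*
 * RFC 8182 requires the RRDP session_id to be an RFC 4122 version 4
 * (random) UUID with variant 1. In the textual form the version is the hex
 * digit at offset 14 and the variant sits in the top two bits of the digit
 * at offset 19: variant 1 means those bits are "10", so the digit is 8, 9,
 * a or b. With strict == false only the syntax is enforced, which mirrors
 * the disabled version/variant check described in the commit.
 */
bool
valid_rrdp_session_id(const char *s, size_t len, bool strict)
{
	if (!uuid_syntax_ok(s, len))
		return false;
	if (!strict)
		return true;
	if (s[14] != '4')
		return false;
	switch (tolower((unsigned char)s[19])) {
	case '8': case '9': case 'a': case 'b':
		return true;
	default:
		return false;
	}
}

/* Constructed sample ids, not taken from any real repository. */
#define SESSION_V4_OK      "9df4b597-af9e-4dca-bdda-719cce2c4e28"
#define SESSION_ALL_RANDOM "9df4b597-af9e-7dca-3dda-719cce2c4e28"
#define SESSION_TOO_SHORT  "9df4b597-af9e-4dca-bdda"

int
main(void)
{
	const char *ids[] = { SESSION_V4_OK, SESSION_ALL_RANDOM,
	    SESSION_TOO_SHORT };
	size_t i;

	for (i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
		printf("%-36s syntax=%d strict=%d\n", ids[i],
		    valid_rrdp_session_id(ids[i], strlen(ids[i]), false),
		    valid_rrdp_session_id(ids[i], strlen(ids[i]), true));
	return 0;
}
```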

Revision 1.51, Wed Nov 30 08:17:21 2022 UTC (18 months, 1 week ago) by job
Branch: MAIN
Changes since 1.50: +1 -3 lines

Remove unused sys/socket.h include

OK claudio@

Revision 1.50, Tue Nov 29 20:41:32 2022 UTC (18 months, 1 week ago) by job
Branch: MAIN
Changes since 1.49: +1 -2 lines

Only include stdarg.h, if we call any of va_{start,end}()

OK tb@

Revision 1.49, Tue Nov 29 11:45:03 2022 UTC (18 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.48: +4 -4 lines

Update valid_x509 comment to reality. crl is no longer optional.
OK tb@

Revision 1.48, Tue Nov 29 10:33:09 2022 UTC (18 months, 1 week ago) by claudio
Branch: MAIN
Changes since 1.47: +7 -6 lines

Return an error string instead of suppressing the warning in valid_x509.
This way manifests can show a better error message when something fails.
With and OK tb@

Revision 1.47, Sat Nov 26 12:02:37 2022 UTC (18 months, 2 weeks ago) by job
Branch: MAIN
Changes since 1.46: +26 -1 lines

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Revision 1.46, Wed Nov 2 11:28:36 2022 UTC (19 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.45: +3 -1 lines

Length check URI before strncasecmp()

A priori URI is not NUL terminated, so we should first check it is long
enough before comparing it against proto. As a side effect, this now
rejects "https://" and "rsync://", which are invalid due to the missing
host in the authority section.

ok claudio

Revision 1.45, Sat Sep 3 14:41:47 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE
Branch point for: OPENBSD_7_2
Changes since 1.44: +1 -11 lines

Don't doublecheck whether the RSC eContent Resourceblock contains inherit elements

The RSC ASN.1 templates make it impossible to pass an RFC3779-style inherit option
because of the use of ConstrainedIPAddressFamily and ConstrainedASIdentifiers.

OK tb@

Revision 1.44, Sat Sep 3 14:40:09 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
Changes since 1.43: +2 -18 lines

Introduce x509_any_inherit() for objects which may not have inherit elements

Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which
may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of
the X509 certificate.

OK tb@

Revision 1.43, Sat Sep 3 13:01:43 2022 UTC (21 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.42: +2 -5 lines

Move non-inheritance check for BGPsec certs into cert_parse_pre()

ok claudio job (as part of a larger diff)

Revision 1.42, Tue Aug 30 18:56:49 2022 UTC (21 months, 1 week ago) by job
Branch: MAIN
Changes since 1.41: +18 -1 lines

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Revision 1.41, Fri Aug 19 12:45:53 2022 UTC (21 months, 3 weeks ago) by tb
Branch: MAIN
Changes since 1.40: +12 -12 lines

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part of ROA and RSC parsing; that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

Revision 1.40, Fri Jun 10 10:36:43 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.39: +24 -1 lines

Dedup econtent version checks

Since the ASN.1 template conversions, we have three copies of mostly dead
code that validates that the econtent version is at its default value 0.
Until a new standard bumps this version and we decide to support that,
we're better off with only one copy of this code.

ok claudio

Revision 1.39, Tue Jun 7 08:50:07 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.38: +8 -10 lines

Fix path validation of AS numbers

If a certificate along the chain does not have an AS numbers extension,
this is a failure condition according to RFC 3779, section 3.3.

ok job

Revision 1.38, Sun May 15 16:43:35 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.37: +5 -5 lines

More KNF and whitespace fixes.

Revision 1.37, Sun May 15 16:40:43 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.36: +1 -2 lines

Remove misplaced continue

ok job

Revision 1.36, Sun May 15 15:00:53 2022 UTC (2 years ago) by deraadt
Branch: MAIN
Changes since 1.35: +6 -6 lines

whitespace spotted during read-thru

Revision 1.35, Thu May 12 10:53:59 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.34: +1 -65 lines

Remove verify callback

It is no longer possible to build rpki-client with LibreSSL < 3.5 or with
OpenSSL built with OPENSSL_NO_RFC3779, so this compat code can be retired.

ok claudio job

Revision 1.34, Thu May 12 10:50:12 2022 UTC (2 years ago) by tb
Branch: MAIN
Changes since 1.33: +2 -2 lines

nuke tabs

Revision 1.33, Wed May 11 14:42:01 2022 UTC (2 years, 1 month ago) by job
Branch: MAIN
Changes since 1.32: +76 -1 lines

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Revision 1.32, Tue May 10 07:41:37 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.31: +17 -1 lines

Validate RSC filenames

Factor out POSIX portable filename check into a new valid_filename() and
rename the previous valid_filename() to valid_mft_filename().  Fixes and
supersedes incomplete checks in the RSC code. Avoids truncation via
strndup() in case of embedded NULs.

input/ok claudio

Revision 1.31, Thu Apr 21 09:53:07 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.30: +160 -1 lines

The filemode code is different enough from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows removing the errx() after them.

OK tb@

Revision 1.30, Tue Apr 19 09:52:29 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.29: +22 -1 lines

Adjust on how CRL and MFT files are verified.

Verify the CRL referenced from the mft against the mft's fileAndHash info.
If the CRL matches then load it and use it to validate this mft. If the
mft validated OK add the now also valid CRL to the auth store for later use.

Before the newest CRL was always selected but that has negative consequences
because it is common practice to revoke the previous MFT's EE cert and with
that the cache is turned useless as soon as a new CRL is used. Also there
was a possibility that the CRL used for validation of the MFT was not the
one later used.

Both RFC6486 and draft-ietf-sidrops-6486bis are unclear about this part
of the validation process. We opted in favor of the cached MFT.

With and OK tb@

Revision 1.29, Fri Feb 4 13:50:32 2022 UTC (2 years, 4 months ago) by job
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.28: +2 -3 lines

Fix outdated comment

Nowadays SKI/AKI validation happens in proc_parser_roa()

Revision 1.28, Sun Jan 23 09:19:13 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.27: +1 -2 lines

zap extra blank line

Revision 1.27, Sun Jan 23 05:59:35 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.26: +3 -14 lines

Simplify valid_cert() and valid_roa() by passing in struct auth instead
of looking it up again. For this valid_roa() needs to be moved up in
proc_parser_roa() also move out the assignment of the TAL id. Not the
right thing to alter an object in a validation function.
OK tb@

Revision 1.26, Sat Jan 22 09:18:48 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.25: +1 -58 lines

Change valid_filename() to return an enum rtype and rename it to
rtype_from_mftfile(). Move both rtype_from functions to mft.c.

ok beck claudio

Revision 1.25, Fri Jan 21 18:49:44 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.24: +38 -15 lines

Add function to determine the file type from the file name extension

rpki-client uses the same idiom to determine the file type in too many
places. Use one function that determines the appropriate RTYPE from the
file name. Add that type to struct mftfile and use this new member to
simplify queue_add_from_mft*().

input/ok claudio

Revision 1.24, Thu Jan 13 13:46:03 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.23: +6 -6 lines

Alter valid_filehash() to take a file descriptor instead of a path.
This is needed so that callers can allow a file to be in multiple
locations. Also move mft_check() from mft.c to parser.c.
OK tb@

Revision 1.23, Sun Dec 26 12:32:28 2021 UTC (2 years, 5 months ago) by tb
Branch: MAIN
Changes since 1.22: +2 -2 lines

fix spelling of inheritance

Revision 1.13.2.1, Tue Nov 9 13:41:19 2021 UTC (2 years, 7 months ago) by benno
Branch: OPENBSD_6_9
Changes since 1.13: +70 -19 lines

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/6.9/common/021_rpki.patch.sig

Revision 1.15.4.1, Tue Nov 9 13:40:32 2021 UTC (2 years, 7 months ago) by benno
Branch: OPENBSD_7_0
Changes since 1.15: +67 -15 lines

rpki-client(8) should handle CA misbehaviours as soft-errors.

This is a merge of usr.sbin/rpki-client and usr.bin/rsync from current
and includes all commits in rpki-client 7.5 up to Tue Nov 9 11:03:40
2021 and to openrsync up to Wed Nov 3 14:42:13 2021, including:

* Make rpki-client more resilient regarding untrusted input:
  - fail repository synchronisation after 15min runtime
  - limit the number of publication points per TAL
  - don't allow DOCTYPE definitions in RRDP XML files
  - fix detection of HTTP redirect loops.
* limit the number of concurrent rsync processes.
* fix CRLF in tal files.

This is patches/7.0/common/004_rpki.patch.sig

Revision 1.22, Thu Nov 4 11:32:55 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.21: +2 -3 lines

Instead of passing tal descriptions around just pass a tal id and
use a small lookup table to print the description in the output path.
OK tb@

Revision 1.21, Mon Nov 1 09:12:18 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.20: +2 -13 lines

Cleanup struct auth a bit. The tal description is also stored in the cert
and the filename is only used in tracewarn which is not that helpful.
OK tb@

Revision 1.20, Fri Oct 29 09:27:36 2021 UTC (2 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.19: +25 -1 lines

Ensure that RRDP snapshot and delta files are fetched from the same host
as the notification file.
OK tb@ job@

Revision 1.19, Wed Oct 27 21:56:58 2021 UTC (2 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.18: +2 -2 lines

Add limits on size of certain untrusted inputs

ok job@

Revision 1.18, Wed Oct 27 18:09:08 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.17: +4 -1 lines

Limit length on URIs

OK beck@

Revision 1.17, Sun Oct 24 12:06:16 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.16: +35 -1 lines

Restrict the characterset for filenames on Manifests

feedback from benno@

OK claudio@
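
The portable-filename check discussed in revisions 1.32 (valid_filename()) and 1.17 above, as an added example that is not the project's own code: the name is checked against the POSIX portable filename character set by its explicit length, so an embedded NUL fails the character test instead of silently truncating the name the way a strlen()-based check would. Function names and the sample names are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The POSIX portable filename character set: letters, digits, '.', '_', '-'. */
static bool
portable_filename_char(unsigned char c)
{
	return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
	    (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/*
 * Check a file name taken from a DER-decoded object. fn/len are the raw
 * octets and are deliberately not treated as a C string: an embedded NUL
 * is rejected by the character-set test rather than cutting the name
 * short. POSIX also forbids a leading '-', and "." / ".." can never be
 * legitimate manifest entries.
 */
bool
valid_portable_filename(const unsigned char *fn, size_t len)
{
	size_t i;

	if (len == 0)
		return false;
	for (i = 0; i < len; i++)
		if (!portable_filename_char(fn[i]))
			return false;
	if (fn[0] == '-')
		return false;
	if (len == 1 && fn[0] == '.')
		return false;
	if (len == 2 && fn[0] == '.' && fn[1] == '.')
		return false;
	return true;
}

/*
 * Wrapper for NUL-terminated names. The caller vouches for the terminator,
 * so it must not be used on raw object data: "a\0b" is seen as just "a".
 */
bool
valid_portable_filename_str(const char *fn)
{
	return valid_portable_filename((const unsigned char *)fn, strlen(fn));
}

int
main(void)
{
	/* Constructed sample names. */
	const char *names[] = { "AbC-12_3.roa", "bad name.roa", "-leading.roa",
	    "..", "x/y.crl" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
		printf("%-14s %s\n", names[i],
		    valid_portable_filename_str(names[i]) ? "ok" : "rejected");
	/* The raw-length check catches what the string view hides. */
	printf("a\\0b via strlen: %d, via raw length 3: %d\n",
	    valid_portable_filename_str("a\0b"),
	    valid_portable_filename((const unsigned char *)"a\0b", 3));
	return 0;
}
```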

Revision 1.16, Mon Oct 11 16:50:03 2021 UTC (2 years, 7 months ago) by job
Branch: MAIN
Changes since 1.15: +5 -2 lines

Add support for BGPsec Router Certificates (RFC 8209)

BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.

OK tb@ claudio@

Revision 1.15, Mon Aug 16 10:38:57 2021 UTC (2 years, 9 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE
Branch point for: OPENBSD_7_0
Changes since 1.14: +2 -1 lines

add missing break
ok claudio@

Revision 1.14, Mon Apr 19 17:04:35 2021 UTC (3 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.13: +3 -5 lines

code review results in KNF, and moving local variables into lowest scope
ok claudio

Revision 1.13, Fri Mar 5 17:15:19 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE
Branch point for: OPENBSD_6_9
Changes since 1.12: +31 -1 lines

Factor out the URI check we do in various places into valid_uri().
RRDP will add a bunch more checks so this makes even more sense.
With and OK tb@

Revision 1.12, Fri Mar 5 16:00:00 2021 UTC (3 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.11: +33 -1 lines

Factor out the SHA256 hash checks into valid_filehash() so that it can
be used by the RRDP code as well.
OK tb@

Revision 1.11, Sat Sep 12 15:46:48 2020 UTC (3 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.10: +1 -3 lines

Include openssl/x509.h in extern.h since it uses a few of the typedefs from
there in structs and prototypes. Remove the openssl/ssl.h and other strange
openssl includes in the .c files that don't use openssl specific functions.
OK beck@ and tb@

Revision 1.10, Fri Nov 29 05:16:54 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.9: +2 -2 lines

e2k19 - above par
s/EXIT_FAILURE/1/
ok claudio@

Revision 1.9, Fri Nov 29 02:47:57 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.8: +3 -4 lines

valid_as() should be as strict as valid_ip() when it comes to not-covered
blocks. No longer bubble up the chain in the hope that something is covered.
If this causes issues people need to fix the repository where it causes
errors.

Revision 1.8, Thu Nov 28 20:36:17 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.7: +87 -105 lines

Convert the auths array into an RB tree indexed by SKI. For fast lookups
the parent auth struct is stored as a pointer so walking up the certificate
chain remains simple. Doing this replaces a few slow lookups and speeds up
rpki-client by a factor of 2.
OK benno@

Revision 1.7, Wed Nov 27 17:08:12 2019 UTC (4 years, 6 months ago) by benno
Branch: MAIN
Changes since 1.6: +2 -2 lines

Only store ta certs in the trust store and build chains of the
intermediate certificates for use in X509_STORE_CTX_init(). To do that
save the X509 cert in struct cert.
claudio sees > 2x speed increase.

ok claudio@ and feedback from jsing@ and beck@.

Revision 1.6, Mon Nov 18 08:38:27 2019 UTC (4 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.5: +4 -4 lines

Add and fix some comments.
From kristaps@

Revision 1.5, Tue Oct 8 10:04:36 2019 UTC (4 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.4: +5 -5 lines

Rewrite the output handling of rpki-client and add an option to dump the
data in JSON format. To make the JSON output the same as the output of the
RIPE rpki-validator the basename of the TAL had to be added and passed around
in rpki-client. Additionally the VRPs are now stored in an RB tree in the
main process instead of keeping them per ROA object. This changes the sort
order to be in network order and no longer just lexicographical.
Agreed by job@ deraadt@

Revision 1.4, Wed Jun 19 16:30:37 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +1 -1 lines

use $OpenBSD$ headers

Revision 1.3, Wed Jun 19 04:21:43 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +30 -31 lines

indentation adjustments, in particular near warn statements
ok claudio

Revision 1.2, Mon Jun 17 15:04:59 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +1 -2 lines

Don't do -portable in base.  It is better done outside the tree.
Imagine if we did it throughout the tree, how many copies of strlcpy
would we have, and how much time would all the configure shell scripts
and includes take?  It would be ludicrous.

Revision 1.1.1.1 (vendor branch), Mon Jun 17 14:31:31 2019 UTC (4 years, 11 months ago) by job
Branch: job
CVS Tags: job_20190617
Changes since 1.1: +0 -0 lines

Import Kristaps Dzonsons' RPKI validator into the tree

rpki-client(1) is an implementation of the Resource Public Key
Infrastructure (RPKI), specified by RFC 6480. The client is responsible
for downloading, validating and converting Route Origin Authorisations
(ROAs) into Validated ROA Payloads (VRPs). The client's output (VRPs)
can be used by bgpd(8) to perform BGP Origin Validation (RFC 6811).

The current rpki-client(1) version depends on the CMS functions in
OpenSSL; this of course needs to be addressed urgently.

Thanks to NetNod, IIS.SE, SUNET & 6connect for supporting this effort!

OK deraadt@

Revision 1.1, Mon Jun 17 14:31:31 2019 UTC (4 years, 11 months ago) by job
Branch: MAIN

Initial revision
