rtype_from_mftfile(). Move both rtype_from functions to mft.c.
ok beck claudio
-/* $OpenBSD: extern.h,v 1.111 2022/01/21 18:49:44 tb Exp $ */
+/* $OpenBSD: extern.h,v 1.112 2022/01/22 09:18:48 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
struct mft *mft_parse(X509 **, const char *, const unsigned char *,
size_t);
struct mft *mft_read(struct ibuf *);
+enum rtype rtype_from_file_extension(const char *);
+enum rtype rtype_from_mftfile(const char *);
void roa_buffer(struct ibuf *, const struct roa *);
void roa_free(struct roa *);
int valid_cert(const char *, struct auth_tree *,
const struct cert *);
int valid_roa(const char *, struct auth_tree *, struct roa *);
-int valid_filename(const char *);
int valid_filehash(int, const char *, size_t);
int valid_uri(const char *, size_t, const char *);
int valid_origin(const char *, const char *);
-enum rtype rtype_from_file_extension(const char *);
-
/* Working with CMS. */
unsigned char *cms_parse_validate(X509 **, const char *,
const unsigned char *, size_t,
-/* $OpenBSD: mft.c,v 1.49 2022/01/21 18:49:44 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.50 2022/01/22 09:18:48 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
*/
#include <assert.h>
+#include <ctype.h>
#include <err.h>
#include <limits.h>
#include <stdarg.h>
return 1;
}
+/*
+ * Determine rtype corresponding to file extension. Returns RTYPE_INVALID
+ * on error or unkown extension.
+ */
+enum rtype
+rtype_from_file_extension(const char *fn)
+{
+ size_t sz;
+
+ sz = strlen(fn);
+ if (sz < 5)
+ return RTYPE_INVALID;
+
+ if (strcasecmp(fn + sz - 4, ".tal") == 0)
+ return RTYPE_TAL;
+ if (strcasecmp(fn + sz - 4, ".cer") == 0)
+ return RTYPE_CER;
+ if (strcasecmp(fn + sz - 4, ".crl") == 0)
+ return RTYPE_CRL;
+ if (strcasecmp(fn + sz - 4, ".mft") == 0)
+ return RTYPE_MFT;
+ if (strcasecmp(fn + sz - 4, ".roa") == 0)
+ return RTYPE_ROA;
+ if (strcasecmp(fn + sz - 4, ".gbr") == 0)
+ return RTYPE_GBR;
+
+ return RTYPE_INVALID;
+}
+
+/*
+ * Validate that a filename listed on a Manifest only contains characters
+ * permitted in draft-ietf-sidrops-6486bis section 4.2.2 and check that
+ * it's a CER, CRL, GBR or a ROA.
+ * Returns corresponding rtype or RTYPE_INVALID on error.
+ */
+enum rtype
+rtype_from_mftfile(const char *fn)
+{
+ const unsigned char *c;
+ enum rtype type;
+
+ for (c = fn; *c != '\0'; ++c)
+ if (!isalnum(*c) && *c != '-' && *c != '_' && *c != '.')
+ return RTYPE_INVALID;
+
+ if (strchr(fn, '.') != strrchr(fn, '.'))
+ return RTYPE_INVALID;
+
+ type = rtype_from_file_extension(fn);
+ switch (type) {
+ case RTYPE_CER:
+ case RTYPE_CRL:
+ case RTYPE_GBR:
+ case RTYPE_ROA:
+ return type;
+ default:
+ return RTYPE_INVALID;
+ }
+}
+
/*
* Parse an individual "FileAndHash", RFC 6486, sec. 4.2.
* Return zero on failure, non-zero on success.
if (fn == NULL)
err(1, NULL);
- if (!valid_filename(fn)) {
+ if ((type = rtype_from_mftfile(fn)) == RTYPE_INVALID) {
warnx("%s: invalid filename: %s", p->fn, fn);
goto out;
}
- type = rtype_from_file_extension(fn);
-
/* Now hash value. */
hash = sk_ASN1_TYPE_value(seq, 1);
-/* $OpenBSD: parser.c,v 1.49 2022/01/21 18:49:44 tb Exp $ */
+/* $OpenBSD: parser.c,v 1.50 2022/01/22 09:18:48 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
for (i = 0; i < p->filesz; i++) {
const struct mftfile *m = &p->files[i];
- if (!valid_filename(m->file)) {
+ if (rtype_from_mftfile(m->file) == RTYPE_INVALID) {
if (base64_encode(m->hash, sizeof(m->hash), &h) == -1)
errx(1, "base64_encode failed in %s", __func__);
warnx("%s: unsupported filename for %s", fn, h);
-/* $OpenBSD: validate.c,v 1.25 2022/01/21 18:49:44 tb Exp $ */
+/* $OpenBSD: validate.c,v 1.26 2022/01/22 09:18:48 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
return 1;
}
-/*
- * Determine rtype corresponding to file extension. Returns RTYPE_INVALID
- * on error or unkown extension.
- */
-enum rtype
-rtype_from_file_extension(const char *fn)
-{
- size_t sz;
-
- sz = strlen(fn);
- if (sz < 5)
- return RTYPE_INVALID;
-
- if (strcasecmp(fn + sz - 4, ".tal") == 0)
- return RTYPE_TAL;
- if (strcasecmp(fn + sz - 4, ".cer") == 0)
- return RTYPE_CER;
- if (strcasecmp(fn + sz - 4, ".crl") == 0)
- return RTYPE_CRL;
- if (strcasecmp(fn + sz - 4, ".mft") == 0)
- return RTYPE_MFT;
- if (strcasecmp(fn + sz - 4, ".roa") == 0)
- return RTYPE_ROA;
- if (strcasecmp(fn + sz - 4, ".gbr") == 0)
- return RTYPE_GBR;
-
- return RTYPE_INVALID;
-}
-
-/*
- * Validate a filename listed on a Manifest.
- * draft-ietf-sidrops-6486bis section 4.2.2
- * Returns 1 if filename is valid, otherwise 0.
- */
-int
-valid_filename(const char *fn)
-{
- const unsigned char *c;
-
- for (c = fn; *c != '\0'; ++c)
- if (!isalnum(*c) && *c != '-' && *c != '_' && *c != '.')
- return 0;
-
- if (strchr(fn, '.') != strrchr(fn, '.'))
- return 0;
-
- switch (rtype_from_file_extension(fn)) {
- case RTYPE_CER:
- case RTYPE_CRL:
- case RTYPE_GBR:
- case RTYPE_ROA:
- return 1;
- default:
- return 0;
- }
-}
-
/*
* Validate a file by verifying the SHA256 hash of that file.
* The file to check is passed as a file descriptor.
projects / openbsd / commitdiff