-/* $OpenBSD: aspa.c,v 1.15 2023/03/12 11:46:35 tb Exp $ */
+/* $OpenBSD: aspa.c,v 1.16 2023/03/12 11:54:56 job Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
{
io_simple_buffer(b, &p->valid, sizeof(p->valid));
io_simple_buffer(b, &p->custasid, sizeof(p->custasid));
- io_simple_buffer(b, &p->notafter, sizeof(p->notafter));
+ io_simple_buffer(b, &p->expires, sizeof(p->expires));
io_simple_buffer(b, &p->providersz, sizeof(size_t));
io_simple_buffer(b, p->providers,
io_read_buf(b, &p->valid, sizeof(p->valid));
io_read_buf(b, &p->custasid, sizeof(p->custasid));
- io_read_buf(b, &p->notafter, sizeof(p->notafter));
+ io_read_buf(b, &p->expires, sizeof(p->expires));
io_read_buf(b, &p->providersz, sizeof(size_t));
if ((p->providers = calloc(p->providersz,
if ((v = calloc(1, sizeof(*v))) == NULL)
err(1, NULL);
v->custasid = aspa->custasid;
- v->expires = aspa->notafter;
+ v->expires = aspa->expires;
if ((found = RB_INSERT(vap_tree, tree, v)) != NULL) {
if (found->expires > v->expires)
-/* $OpenBSD: extern.h,v 1.172 2023/03/10 12:44:56 job Exp $ */
+/* $OpenBSD: extern.h,v 1.173 2023/03/12 11:54:56 job Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
time_t signtime; /* CMS signing-time attribute */
time_t notbefore; /* EE cert's Not Before */
time_t notafter; /* EE cert's Not After */
+ time_t expires; /* Transitive expiry moment */
};
struct rscfile {
time_t signtime; /* CMS signing-time attribute */
time_t notbefore; /* EE cert's Not Before */
time_t notafter; /* notAfter of the ASPA EE cert */
+ time_t expires; /* Transitive expiry moment */
};
/*
GENERAL_NAME *, char **);
int x509_inherits(X509 *);
int x509_any_inherits(X509 *);
+time_t x509_find_expires(time_t, struct auth *, struct crl_tree *);
/* printers */
char *time2str(time_t);
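Review bot: The comment `/* Transitive expiry moment */` on the two new `expires` members says neither how the value relates to the sibling `notafter` field that is kept in the same structs nor who sets it, so a reader of this header cannot tell which of the two to consult. From the rest of the diff the value is assigned by the parser from `x509_find_expires()` and is what `v->expires` in roa.c and aspa.c is taken from, so suggest `/* earliest of notafter, the CA chain's notAfter and the CRLs' nextUpdate; set by the parser, copied into the VRP/VAP */` (or shorter wording in the style of the neighbouring fields) on both lines. The first struct's opening line is outside the hunk; I am inferring from the field comments that it is the ROA struct.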
-/* $OpenBSD: mft.c,v 1.85 2023/03/12 11:46:35 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.86 2023/03/12 11:54:56 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
} ASN1_SEQUENCE_END(FileAndHash);
ASN1_SEQUENCE(Manifest) = {
- ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0),
+ ASN1_IMP_OPT(Manifest, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(Manifest, manifestNumber, ASN1_INTEGER),
ASN1_SIMPLE(Manifest, thisUpdate, ASN1_GENERALIZEDTIME),
ASN1_SIMPLE(Manifest, nextUpdate, ASN1_GENERALIZEDTIME),
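Review bot: The switch from `ASN1_EXP_OPT` to `ASN1_IMP_OPT` for `Manifest.version` changes the expected tag encoding of the version field and has no connection to the `expires` rework in the rest of the commit. As far as I recall, the manifest ASN.1 module (RFC 6486 / RFC 9286) is defined with EXPLICIT TAGS, so `version [0] INTEGER DEFAULT 0` is an explicitly tagged field and the original `ASN1_EXP_OPT(Manifest, version, ASN1_INTEGER, 0)` was correct; with implicit decoding a manifest that does encode the version would fail to parse, while the common case of an omitted version still parses, so the regression would be quiet. Unless this was intentional and verified against the module, it looks like an unrelated local change that was swept in and should be dropped here or split into its own commit with the rationale.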
-/* $OpenBSD: parser.c,v 1.87 2023/03/10 12:44:56 job Exp $ */
+/* $OpenBSD: parser.c,v 1.88 2023/03/12 11:54:56 job Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
roa->talid = a->cert->talid;
- /*
- * Check CRL to figure out the soonest transitive expiry moment
- */
- if (crl != NULL && roa->notafter > crl->nextupdate)
- roa->notafter = crl->nextupdate;
-
- /*
- * Scan the cert tree to figure out the soonest transitive
- * expiry moment
- */
- for (; a != NULL; a = a->parent) {
- if (roa->notafter > a->cert->notafter)
- roa->notafter = a->cert->notafter;
- }
+ roa->expires = x509_find_expires(roa->notafter, a, &crlt);
return roa;
}
aspa->talid = a->cert->talid;
- if (crl != NULL && aspa->notafter > crl->nextupdate)
- aspa->notafter = crl->nextupdate;
-
- for (; a != NULL; a = a->parent) {
- if (aspa->notafter > a->cert->notafter)
- aspa->notafter = a->cert->notafter;
- }
+ aspa->expires = x509_find_expires(aspa->notafter, a, &crlt);
return aspa;
}
-/* $OpenBSD: roa.c,v 1.64 2023/03/12 11:46:35 tb Exp $ */
+/* $OpenBSD: roa.c,v 1.65 2023/03/12 11:54:56 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
io_simple_buffer(b, &p->asid, sizeof(p->asid));
io_simple_buffer(b, &p->talid, sizeof(p->talid));
io_simple_buffer(b, &p->ipsz, sizeof(p->ipsz));
- io_simple_buffer(b, &p->notafter, sizeof(p->notafter));
+ io_simple_buffer(b, &p->expires, sizeof(p->expires));
io_simple_buffer(b, p->ips, p->ipsz * sizeof(p->ips[0]));
io_read_buf(b, &p->asid, sizeof(p->asid));
io_read_buf(b, &p->talid, sizeof(p->talid));
io_read_buf(b, &p->ipsz, sizeof(p->ipsz));
- io_read_buf(b, &p->notafter, sizeof(p->notafter));
+ io_read_buf(b, &p->expires, sizeof(p->expires));
if ((p->ips = calloc(p->ipsz, sizeof(struct roa_ip))) == NULL)
err(1, NULL);
v->repoid = repo_id(rp);
else
v->repoid = 0;
- v->expires = roa->notafter;
+ v->expires = roa->expires;
/*
* Check if a similar VRP already exists in the tree.
-/* $OpenBSD: x509.c,v 1.68 2023/03/10 12:44:56 job Exp $ */
+/* $OpenBSD: x509.c,v 1.69 2023/03/12 11:54:56 job Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
BN_free(seqnum);
return s;
}
+
+/*
+ * Find the closest expiry moment by walking the chain of authorities.
+ */
+time_t
+x509_find_expires(time_t notafter, struct auth *a, struct crl_tree *crlt)
+{
+ struct crl *crl;
+ time_t expires;
+
+ expires = notafter;
+
+ for (; a != NULL; a = a->parent) {
+ if (expires > a->cert->notafter)
+ expires = a->cert->notafter;
+ crl = crl_get(crlt, a);
+ if (crl != NULL && expires > crl->nextupdate)
+ expires = crl->nextupdate;
+ }
+
+ return expires;
+}
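Review bot: `x509_find_expires()` walks the whole chain and looks up a CRL at every level via `crl_get()`, whereas the parser.c code it replaces only consulted the single `crl` the caller already held, so the bound it computes is broader than before; that is a deliberate behaviour change and should be stated in the header comment instead of left for the reader to discover. Suggest replacing the one-line comment with a description along these lines: returns the earliest of `notafter` (the EE certificate's own expiry), the notAfter of every CA certificate from `a` up to the trust anchor, and the nextUpdate of every CRL found in `crlt` for those CAs, so that a VRP/VAP never outlives any object it depends on. Two style points: `crl` can be declared inside the loop where it is assigned, and `a` could be `const struct auth *` if `crl_get()` accepts one (its prototype is not in the hunk). The callers in parser.c pass `&crlt`, which appears to be a file-scope tree there; worth a sentence in the comment on what `crlt` is expected to contain.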