-/* $OpenBSD: extern.h,v 1.141 2022/06/01 10:59:21 tb Exp $ */
+/* $OpenBSD: extern.h,v 1.142 2022/06/10 10:36:43 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
int valid_x509(char *, X509_STORE_CTX *, X509 *, struct auth *,
struct crl *, int);
int valid_rsc(const char *, struct auth *, struct rsc *);
+int valid_econtent_version(const char *, const ASN1_INTEGER *);
/* Working with CMS. */
unsigned char *cms_parse_validate(X509 **, const char *,
-/* $OpenBSD: mft.c,v 1.70 2022/06/01 10:58:34 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.71 2022/06/10 10:36:43 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
{
Manifest *mft;
FileAndHash *fh;
- long mft_version;
int i, rc = 0;
if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) {
goto out;
}
- /* Validate the optional version field */
- if (mft->version != NULL) {
- mft_version = ASN1_INTEGER_get(mft->version);
- if (mft_version < 0) {
- cryptowarnx("%s: ASN1_INTEGER_get failed", p->fn);
- goto out;
- }
-
- switch (mft_version) {
- case 0:
- warnx("%s: incorrect encoding for version 0", p->fn);
- goto out;
- default:
- warnx("%s: version %ld not supported (yet)", p->fn,
- mft_version);
- goto out;
- }
- }
+ if (!valid_econtent_version(p->fn, mft->version))
+ goto out;
p->res->seqnum = x509_convert_seqnum(p->fn, mft->manifestNumber);
if (p->res->seqnum == NULL)
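Review bot: Failure reporting for the manifest version check changes with this call. The removed code reported an `ASN1_INTEGER_get` failure through `cryptowarnx`, while `valid_econtent_version` in validate.c uses `warnx`, so whatever extra detail `cryptowarnx` attaches is no longer logged. The same applies to the rsc.c hunk, which also loses its `RSC: ` message prefix and its distinct `incorrect version encoding` wording. If that is intended (roa.c already used `warnx`), a line in the commit message would help anyone who matches on these warnings when triaging rejected objects. The enclosing function starts before this hunk and continues after it.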
-/* $OpenBSD: roa.c,v 1.46 2022/05/31 18:51:35 tb Exp $ */
+/* $OpenBSD: roa.c,v 1.47 2022/06/10 10:36:43 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
{
RouteOriginAttestation *roa;
- long roa_version;
const ROAIPAddressFamily *addrfam;
const STACK_OF(ROAIPAddress) *addrs;
int addrsz;
goto out;
}
- /* Validate the optional version field */
- if (roa->version != NULL) {
- roa_version = ASN1_INTEGER_get(roa->version);
- if (roa_version < 0) {
- warnx("%s: ASN1_INTEGER_get failed", p->fn);
- goto out;
- }
-
- switch (roa_version) {
- case 0:
- warnx("%s: incorrect encoding for version 0", p->fn);
- goto out;
- default:
- warnx("%s: version %ld not supported (yet)", p->fn,
- roa_version);
- goto out;
- }
- }
+ if (!valid_econtent_version(p->fn, roa->version))
+ goto out;
if (!as_id_parse(roa->asid, &p->res->asid)) {
warnx("%s: RFC 6482 section 3.2: asID: "
-/* $OpenBSD: rsc.c,v 1.10 2022/06/05 13:31:35 tb Exp $ */
+/* $OpenBSD: rsc.c,v 1.11 2022/06/10 10:36:43 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com>
{
RpkiSignedChecklist *rsc;
ResourceBlock *resources;
- long rsc_version;
int rc = 0;
/*
goto out;
}
- /* Validate the optional version field */
- if (rsc->version != NULL) {
- rsc_version = ASN1_INTEGER_get(rsc->version);
- if (rsc_version < 0) {
- cryptowarnx("%s: RSC: ASN1_INTEGER_get failed", p->fn);
- goto out;
- }
-
- switch (rsc_version) {
- case 0:
- warnx("%s: RSC: incorrect version encoding", p->fn);
- goto out;
- default:
- warnx("%s: RSC: version %ld not supported (yet)", p->fn,
- rsc_version);
- goto out;
- }
- }
+ if (!valid_econtent_version(p->fn, rsc->version))
+ goto out;
resources = rsc->resources;
if (resources->asID == NULL && resources->ipAddrBlocks == NULL) {
-/* $OpenBSD: validate.c,v 1.39 2022/06/07 08:50:07 tb Exp $ */
+/* $OpenBSD: validate.c,v 1.40 2022/06/10 10:36:43 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
return 1;
}
+
+int
+valid_econtent_version(const char *fn, const ASN1_INTEGER *aint)
+{
+ long version;
+
+ if (aint == NULL)
+ return 1;
+
+ if ((version = ASN1_INTEGER_get(aint)) < 0) {
+ warnx("%s: ASN1_INTEGER_get failed", fn);
+ return 0;
+ }
+
+ switch (version) {
+ case 0:
+ warnx("%s: incorrect encoding for version 0", fn);
+ return 0;
+ default:
+ warnx("%s: version %ld not supported (yet)", fn, version);
+ return 0;
+ }
+}
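Review bot: `valid_econtent_version` has no comment explaining why every present version is rejected, and its `version < 0` branch conflates two cases. `ASN1_INTEGER_get` returns -1 when the value does not fit in a long, but it also returns a genuinely negative encoded value, so a negative version is logged as `ASN1_INTEGER_get failed`. The object is rejected either way, so this affects diagnostics rather than validation. Consider `ASN1_INTEGER_get_uint64`, which reports failure separately from the value, or reword the warning to cover both cases. I would also add a header comment such as `/* Check the optional eContent version: only an absent field (the default, 0) is accepted. Returns 1 if valid, 0 otherwise. */`, noting that the `case 0` arm appears to exist only to give a more specific message for an explicitly encoded default.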