x509_init_oid() to initialize all necessary OID objects at start.
OK tb@
-/* $OpenBSD: cert.c,v 1.49 2021/12/26 12:32:28 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.50 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
const char *fn; /* currently-parsed file */
};
-static ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
-static ASN1_OBJECT *mft_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
-static ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
-
-static void
-cert_init_oid(void)
-{
- if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
- if ((mft_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.10");
- if ((notify_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.13", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.13");
-}
+extern ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
+extern ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
+extern ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
/*
* Append an IP address structure to our list of results.
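Review bot: The three `extern` declarations added at the top of cert.c duplicate the definitions in x509.c, and gbr.c, mft.c and roa.c do the same for `gbr_oid`, `mft_oid` and `roa_oid`; declaring them once in extern.h next to the new `x509_init_oid()` prototype would keep the type and the explanatory comments in a single place and let the compiler catch a mismatch between a definition and its declaration. As written, the comment on the cert.c copy and the one on the x509.c copy can drift independently.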
if (!ASN1_frame(p->fn, dsz, &d, &plen, &ptag))
goto out;
- if (carepo_oid == NULL)
- cert_init_oid();
-
if (OBJ_cmp(oid, carepo_oid) == 0)
rc = sbgp_sia_resource_carepo(p, d, plen);
- else if (OBJ_cmp(oid, mft_oid) == 0)
+ else if (OBJ_cmp(oid, manifest_oid) == 0)
rc = sbgp_sia_resource_mft(p, d, plen);
else if (OBJ_cmp(oid, notify_oid) == 0)
rc = sbgp_sia_resource_notify(p, d, plen);
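Review bot: Dropping the `if (carepo_oid == NULL) cert_init_oid();` guard leaves the OBJ_cmp() calls below with nothing that protects them from running before x509_init_oid() has executed; the only call to x509_init_oid() this commit adds is in parser.c, so any other entry into certificate parsing (a test driver, or a caller in another process) would hand a NULL ASN1_OBJECT to OBJ_cmp(). The same applies to the lazy-init removals in gbr.c, mft.c, roa.c and in x509.c's purpose check, where the NULL object would reach cms_parse_validate() or OBJ_cmp() instead. If the per-file lazy initialisation is meant to go, a single explicit check keeps the previous fail-fast behaviour, e.g. `if (carepo_oid == NULL) errx(1, "x509_init_oid() not called");` at the top of this function, or an equivalent check in cms_parse_validate() that covers the CMS parsers at once. The enclosing function starts and ends outside the hunk.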
-/* $OpenBSD: extern.h,v 1.104 2022/01/14 15:00:23 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.105 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
/* X509 helpers. */
+void x509_init_oid(void);
char *x509_get_aia(X509 *, const char *);
char *x509_get_aki(X509 *, int, const char *);
char *x509_get_ski(X509 *, const char *);
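Review bot: The new `x509_init_oid(void)` prototype carries no comment on its contract, even though every parser now depends on it having run; a reader of extern.h cannot tell that it must be called before any cert/mft/roa/gbr parse in the process doing the parsing, or that it exits via errx() rather than returning an error. Suggest `/* Initialise the shared OID objects; call before any parser. Fatal on failure. */` above the declaration, matching the section-comment style of the surrounding header.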
-/* $OpenBSD: gbr.c,v 1.11 2021/10/26 10:52:50 claudio Exp $ */
+/* $OpenBSD: gbr.c,v 1.12 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
*
struct gbr *res; /* results */
};
-static ASN1_OBJECT *gbr_oid;
+extern ASN1_OBJECT *gbr_oid;
/*
* Parse a full RFC 6493 file and signed by the certificate "cacert"
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
- /* OID from section 9.1, RFC 6493. */
- if (gbr_oid == NULL) {
- gbr_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.35", 1);
- if (gbr_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.35");
- }
-
cms = cms_parse_validate(x509, fn, der, len, gbr_oid, &cmsz);
if (cms == NULL)
return NULL;
-/* $OpenBSD: mft.c,v 1.45 2022/01/13 13:46:03 claudio Exp $ */
+/* $OpenBSD: mft.c,v 1.46 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
struct mft *res; /* result object */
};
-static ASN1_OBJECT *mft_oid;
+extern ASN1_OBJECT *mft_oid;
static const char *
gentime2str(const ASN1_GENERALIZEDTIME *time)
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
- if (mft_oid == NULL) {
- mft_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.26", 1);
- if (mft_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.26");
- }
-
cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz);
if (cms == NULL)
return NULL;
-/* $OpenBSD: parser.c,v 1.37 2022/01/14 15:00:23 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.38 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
ERR_load_crypto_strings();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
+ x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL)
cryptoerrx("X509_STORE_CTX_new");
-/* $OpenBSD: roa.c,v 1.34 2021/12/22 08:44:15 claudio Exp $ */
+/* $OpenBSD: roa.c,v 1.35 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
struct roa *res; /* results */
};
-static ASN1_OBJECT *roa_oid;
+extern ASN1_OBJECT *roa_oid;
/*
* Parse IP address (ROAIPAddress), RFC 6482, section 3.3.
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
- /* OID from section 2, RFC 6482. */
- if (roa_oid == NULL) {
- roa_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.24", 1);
- if (roa_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.24");
- }
-
cms = cms_parse_validate(x509, fn, der, len, roa_oid, &cmsz);
if (cms == NULL)
return NULL;
-/* $OpenBSD: x509.c,v 1.29 2021/10/28 09:02:19 beck Exp $ */
+/* $OpenBSD: x509.c,v 1.30 2022/01/18 13:06:43 claudio Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
#include "extern.h"
-static ASN1_OBJECT *bgpsec_oid; /* id-kp-bgpsec-router */
+ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
+ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
+ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
+ASN1_OBJECT *roa_oid; /* id-ct-routeOriginAuthz CMS content type */
+ASN1_OBJECT *mft_oid; /* id-ct-rpkiManifest CMS content type */
+ASN1_OBJECT *gbr_oid; /* id-ct-rpkiGhostbusters CMS content type */
+ASN1_OBJECT *bgpsec_oid; /* id-kp-bgpsec-router Key Purpose */
-static void
-init_oid(void)
+
+void
+x509_init_oid(void)
{
+
+ if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
+ if ((manifest_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.10");
+ if ((notify_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.13", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.13");
+ if ((roa_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.24", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.24");
+ if ((mft_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.26", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.26");
+ if ((gbr_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.35", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.35");
if ((bgpsec_oid = OBJ_txt2obj("1.3.6.1.5.5.7.3.30", 1)) == NULL)
errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.3.30");
}
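Review bot: The removed per-file comments tied each CMS content-type OID to its specification (`/* OID from section 9.1, RFC 6493. */` in gbr.c, `/* OID from section 2, RFC 6482. */` in roa.c), and that information is not carried over to the new definitions above; since x509.c is now the only place these constants are defined, the references belong on the declarations, e.g. `ASN1_OBJECT *roa_oid; /* id-ct-routeOriginAuthz CMS content type, RFC 6482 section 2 */` and `ASN1_OBJECT *gbr_oid; /* id-ct-rpkiGhostbusters CMS content type, RFC 6493 section 9.1 */`. `manifest_oid` and `mft_oid` sit three lines apart and both name a "manifest" object for different purposes (the SIA accessMethod versus the CMS content type); a short header comment on x509_init_oid() spelling out that distinction would save the next reader a trip to the OID tables. Calling x509_init_oid() twice presumably leaks the first set of objects, since OBJ_txt2obj() hands back a fresh ASN1_OBJECT each time, so the same comment should say the function is meant to run once.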
goto out;
}
- if (bgpsec_oid == NULL)
- init_oid();
-
if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, 0)) == 0) {
purpose = CERT_PURPOSE_BGPSEC_ROUTER;
goto out;