From: claudio Date: Thu, 7 Oct 2021 10:34:39 +0000 (+0000) Subject: Replace the ugly openssl11 hack for the missing ASN1_time_parse() and X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9f82456fddbf18e3f3b3a496043205aee3073c13;p=openbsd Replace the ugly openssl11 hack for the missing ASN1_time_parse() and ASN1_time_tm_cmp() functions with another hack that is considerably more horrible but also less intrusive. --- diff --git a/regress/usr.sbin/rpki-client/Makefile.inc b/regress/usr.sbin/rpki-client/Makefile.inc index 7261c3b8b03..cb6d1e07398 100644 --- a/regress/usr.sbin/rpki-client/Makefile.inc +++ b/regress/usr.sbin/rpki-client/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.12 2021/10/05 11:23:16 job Exp $ +# $OpenBSD: Makefile.inc,v 1.13 2021/10/07 10:34:39 claudio Exp $ .PATH: ${.CURDIR}/../../../../usr.sbin/rpki-client @@ -26,50 +26,30 @@ TALARGS += ta/AfriNIC.cer tal/afrinic.tal TALARGS += ta/apnic-rpki-root-iana-origin.cer tal/apnic.tal TALARGS += ta/ripe-ncc-ta.cer tal/ripe.tal -SRCS_test-cert= test-cert.c cert.c cms.c x509.c ip.c as.c io.c log.c tal.c \ - validate.c encoding.c +SRCS_test-cert+= test-cert.c cert.c cms.c x509.c ip.c as.c io.c \ + log.c tal.c validate.c encoding.c run-regress-test-cert: test-cert ./test-cert -v ${.CURDIR}/../cer/*.cer ./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,} -SRCS_test-bgpsec= test-bgpsec.c cert.c cms.c x509.c ip.c as.c io.c \ +SRCS_test-bgpsec+= test-bgpsec.c cert.c cms.c x509.c ip.c as.c io.c \ log.c tal.c validate.c encoding.c run-regress-test-bgpsec: test-bgpsec ./test-bgpsec -v ${.CURDIR}/../bgpsec/*.cer -# Provide missing prototypes for OpenSSL -mft_gen.c: mft.c - echo '#include \n' > $@.tmp - echo 'int ASN1_time_parse(const char *, size_t, struct tm *, int);' \ - >> $@.tmp - echo 'int ASN1_time_tm_cmp(struct tm *, struct tm *);' >> $@.tmp - cat $> >> $@.tmp - mv -f $@.tmp $@ - -# Provide missing prototypes for OpenSSL -roa_gen.c: roa.c - echo '#include \n' > $@.tmp - echo 'int ASN1_time_parse(const char *, size_t, struct tm *, int);' \ - >> $@.tmp - echo 'int ASN1_time_tm_cmp(struct tm *, struct tm *);' >> $@.tmp - cat $> >> $@.tmp - mv -f $@.tmp $@ - -CLEANFILES += mft_gen.c mft_gen.c.tmp roa_gen.c roa_gen.c.tmp - -SRCS_test-mft+= test-mft.c mft_gen.c cms.c x509.c io.c log.c validate.c \ +SRCS_test-mft+= test-mft.c mft.c cms.c x509.c io.c log.c validate.c \ encoding.c dummy.c run-regress-test-mft: test-mft ./test-mft -v ${.CURDIR}/../mft/*.mft -SRCS_test-roa+= test-roa.c roa_gen.c cms.c x509.c ip.c as.c io.c log.c encoding.c +SRCS_test-roa+= test-roa.c roa.c cms.c x509.c ip.c as.c io.c log.c encoding.c run-regress-test-roa: test-roa ./test-roa -v ${.CURDIR}/../roa/*.roa -SRCS_test-gbr= test-gbr.c gbr.c cms.c x509.c io.c log.c encoding.c +SRCS_test-gbr+= test-gbr.c gbr.c cms.c x509.c io.c log.c encoding.c run-regress-test-gbr: test-gbr ./test-gbr -v ${.CURDIR}/../gbr/*.gbr -SRCS_test-tal= test-tal.c tal.c io.c log.c validate.c encoding.c dummy.c +SRCS_test-tal+= test-tal.c tal.c io.c log.c validate.c encoding.c dummy.c run-regress-test-tal: test-tal ./test-tal -v ${.CURDIR}/../tal/*.tal diff --git a/regress/usr.sbin/rpki-client/openssl11/Makefile b/regress/usr.sbin/rpki-client/openssl11/Makefile index 87b83348323..a84809d855f 100644 --- a/regress/usr.sbin/rpki-client/openssl11/Makefile +++ b/regress/usr.sbin/rpki-client/openssl11/Makefile @@ -1,19 +1,22 @@ LDADD += -Wl,-rpath,/usr/local/lib/eopenssl11 -L/usr/local/lib/eopenssl11 -CFLAGS += -I/usr/local/include/eopenssl11/ +CFLAGS += -I${.CURDIR}/ -I/usr/local/include/eopenssl11/ # For mft.c we need ASN1_time_parse() and ASN1_time_tm_cmp() from LibreSSL # Provide a missing prototype a_time_tm_gen.c: a_time_tm.c echo '#include \n' > $@.tmp - echo 'void ASN1error(int);' >> $@.tmp + echo '#define ASN1error(err) ASN1err(0, (err));' >> $@.tmp cat $> >> $@.tmp mv -f $@.tmp $@ CLEANFILES += a_time_tm_gen.c a_time_tm_gen.c.tmp -SRCS_test-mft = a_time_tm_gen.c o_time.c -SRCS_test-roa = a_time_tm_gen.c o_time.c +SRCS_test-mft = a_time_tm_gen.c o_time.c +SRCS_test-roa = a_time_tm_gen.c o_time.c +SRCS_test-cert = a_time_tm_gen.c o_time.c +SRCS_test-gbr = a_time_tm_gen.c o_time.c +SRCS_test-bgpsec = a_time_tm_gen.c o_time.c CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/ .PATH: ${.CURDIR}/.. diff --git a/regress/usr.sbin/rpki-client/openssl11/unistd.h b/regress/usr.sbin/rpki-client/openssl11/unistd.h new file mode 100644 index 00000000000..ec672f84364 --- /dev/null +++ b/regress/usr.sbin/rpki-client/openssl11/unistd.h @@ -0,0 +1,13 @@ +/* + * Public domain + * compatibility shim for openssl11 + * overloading unistd.h is a ugly guly hack for this issue but works here + */ + +#include_next + +#include + +int ASN1_time_parse(const char *, size_t, struct tm *, int); +int ASN1_time_tm_cmp(struct tm *, struct tm *); + diff --git a/regress/usr.sbin/rpki-client/test-cert.c b/regress/usr.sbin/rpki-client/test-cert.c index 681a13538f4..3fa2e69386e 100644 --- a/regress/usr.sbin/rpki-client/test-cert.c +++ b/regress/usr.sbin/rpki-client/test-cert.c @@ -1,4 +1,4 @@ -/* $Id: test-cert.c,v 1.10 2021/03/29 15:47:34 claudio Exp $ */ +/* $Id: test-cert.c,v 1.11 2021/10/07 10:34:39 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -42,6 +42,7 @@ cert_print(const struct cert *p) size_t i; char buf1[64], buf2[64]; int sockt; + char tbuf[21]; assert(p != NULL); @@ -56,6 +57,8 @@ cert_print(const struct cert *p) printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); if (p->aia != NULL) printf("Authority info access: %s\n", p->aia); + strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires)); + printf("CA valid until: %s\n", tbuf); for (i = 0; i < p->asz; i++) switch (p->as[i].type) { diff --git a/regress/usr.sbin/rpki-client/test-mft.c b/regress/usr.sbin/rpki-client/test-mft.c index 0f17bcf10f3..0f6252842a1 100644 --- a/regress/usr.sbin/rpki-client/test-mft.c +++ b/regress/usr.sbin/rpki-client/test-mft.c @@ -1,4 +1,4 @@ -/* $Id: test-mft.c,v 1.13 2021/03/29 15:47:34 claudio Exp $ */ +/* $Id: test-mft.c,v 1.14 2021/10/07 10:34:39 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -36,14 +36,6 @@ #include "test-common.c" -#ifndef ASN1error -void -ASN1error(int err) -{ - ASN1err(0, err); -} -#endif - int verbose; static void diff --git a/regress/usr.sbin/rpki-client/test-roa.c b/regress/usr.sbin/rpki-client/test-roa.c index da22e4b8b4d..e079e6426e1 100644 --- a/regress/usr.sbin/rpki-client/test-roa.c +++ b/regress/usr.sbin/rpki-client/test-roa.c @@ -1,4 +1,4 @@ -/* $Id: test-roa.c,v 1.11 2021/05/06 17:03:57 job Exp $ */ +/* $Id: test-roa.c,v 1.12 2021/10/07 10:34:39 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -32,14 +32,6 @@ #include "test-common.c" -#ifndef ASN1error -void -ASN1error(int err) -{ - ASN1err(0, err); -} -#endif - int verbose; static void @@ -47,12 +39,16 @@ roa_print(const struct roa *p) { char buf[128]; size_t i; + char tbuf[21]; assert(p != NULL); printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); printf("Authority info access: %s\n", p->aia); + strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires)); + printf("ROA valid until: %s\n", tbuf); + printf("asID: %" PRIu32 "\n", p->asid); for (i = 0; i < p->ipsz; i++) { ip_addr_print(&p->ips[i].addr,