From: claudio
Date: Tue, 18 Jan 2022 13:06:43 +0000 (+0000)
Subject: Cleanup the scattered OBJ_txt2obj() calls and move them into
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=de9b6f5d99dcb25555ac55f2778f5274fb190d0c;p=openbsd

Cleanup the scattered OBJ_txt2obj() calls and move them into
x509_init_oid() to initalize all necessary OID objects at start.
OK tb@
---
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index a8ec8799d29..074a701e5d3 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.49 2021/12/26 12:32:28 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.50 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2021 Job Snijders
  * Copyright (c) 2019 Kristaps Dzonsons
@@ -47,20 +47,9 @@ struct parse {
 const char *fn; /* currently-parsed file */
 };
 
-static ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
-static ASN1_OBJECT *mft_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
-static ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
-
-static void
-cert_init_oid(void)
-{
- if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
- if ((mft_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.10");
- if ((notify_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.13", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.13");
-}
+extern ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
+extern ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
+extern ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
 
 /*
  * Append an IP address structure to our list of results.
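Review bot: The three `extern ASN1_OBJECT *` declarations that replace the statics in cert.c are repeated per translation unit (gbr.c, mft.c and roa.c do the same for gbr_oid, mft_oid and roa_oid) instead of being declared once in extern.h next to the new `x509_init_oid` prototype. x509.c includes extern.h (visible in its own hunk), so a declaration in the shared header would be checked by the compiler against each definition, whereas a per-file extern that drifts in name or type is only caught at link time or, for a type mismatch, not at all. Moving them also keeps the OID comments in one place, e.g. in extern.h: `extern ASN1_OBJECT *carepo_oid, *manifest_oid, *notify_oid;` with the matching `/* 1.3.6.1.5.5.7.48.x */` comments.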
@@ -270,12 +259,9 @@ sbgp_sia_resource_entry(struct parse *p,
 if (!ASN1_frame(p->fn, dsz, &d, &plen, &ptag))
 goto out;
 
- if (carepo_oid == NULL)
- cert_init_oid();
-
 if (OBJ_cmp(oid, carepo_oid) == 0)
 rc = sbgp_sia_resource_carepo(p, d, plen);
- else if (OBJ_cmp(oid, mft_oid) == 0)
+ else if (OBJ_cmp(oid, manifest_oid) == 0)
 rc = sbgp_sia_resource_mft(p, d, plen);
 else if (OBJ_cmp(oid, notify_oid) == 0)
 rc = sbgp_sia_resource_notify(p, d, plen);
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 7c0fbbc4a87..ef1f9e6fc3a 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.104 2022/01/14 15:00:23 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.105 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons
  *
@@ -566,6 +566,7 @@ struct ibuf *io_buf_recvfd(int, struct ibuf **);
 
 /* X509 helpers. */
 
+void x509_init_oid(void);
 char *x509_get_aia(X509 *, const char *);
 char *x509_get_aki(X509 *, int, const char *);
 char *x509_get_ski(X509 *, const char *);
diff --git a/usr.sbin/rpki-client/gbr.c b/usr.sbin/rpki-client/gbr.c
index 60b01aee2f9..431d8042d34 100644
--- a/usr.sbin/rpki-client/gbr.c
+++ b/usr.sbin/rpki-client/gbr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gbr.c,v 1.11 2021/10/26 10:52:50 claudio Exp $ */
+/* $OpenBSD: gbr.c,v 1.12 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2020 Claudio Jeker
  *
@@ -36,7 +36,7 @@ struct parse {
 struct gbr *res; /* results */
 };
 
-static ASN1_OBJECT *gbr_oid;
+extern ASN1_OBJECT *gbr_oid;
 
 /*
  * Parse a full RFC 6493 file and signed by the certificate "cacert"
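Review bot: With the `if (carepo_oid == NULL) cert_init_oid();` guard removed, the `OBJ_cmp(oid, carepo_oid)` comparisons in sbgp_sia_resource_entry now depend on x509_init_oid() having already run in the calling process, and the only call the commit adds is in proc_parser. OBJ_cmp dereferences both arguments, so a parse routine reached from a process that never called x509_init_oid() would die on a NULL pointer instead of failing with a diagnostic; the same dependency is introduced by the cms_parse_validate calls in gbr_parse, mft_parse and roa_parse and by the bgpsec_oid comparison in x509_get_purpose. Rather than re-adding lazy initialisation, the precondition should be stated once on the new prototype in extern.h, e.g. `/* Must be called once per process before any cert/mft/roa/gbr parsing. */`, and a single explicit check such as `if (carepo_oid == NULL) errx(1, "x509_init_oid() not called");` at the top of this dispatch would turn a misuse into a clear error. sbgp_sia_resource_entry starts and ends outside the hunk.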
@@ -53,14 +53,6 @@ gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 memset(&p, 0, sizeof(struct parse));
 p.fn = fn;
 
- /* OID from section 9.1, RFC 6493. */
- if (gbr_oid == NULL) {
- gbr_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.35", 1);
- if (gbr_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.35");
- }
-
 cms = cms_parse_validate(x509, fn, der, len, gbr_oid, &cmsz);
 if (cms == NULL)
 return NULL;
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index bd8be3091aa..f857cdb657a 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.45 2022/01/13 13:46:03 claudio Exp $ */
+/* $OpenBSD: mft.c,v 1.46 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons
  *
@@ -39,7 +39,7 @@ struct parse {
 struct mft *res; /* result object */
 };
 
-static ASN1_OBJECT *mft_oid;
+extern ASN1_OBJECT *mft_oid;
 
 static const char *
 gentime2str(const ASN1_GENERALIZEDTIME *time)
@@ -418,13 +418,6 @@ mft_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 memset(&p, 0, sizeof(struct parse));
 p.fn = fn;
 
- if (mft_oid == NULL) {
- mft_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.26", 1);
- if (mft_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.26");
- }
-
 cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz);
 if (cms == NULL)
 return NULL;
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 878c0d1923f..bf3e25d27a1 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.37 2022/01/14 15:00:23 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.38 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker
  * Copyright (c) 2019 Kristaps Dzonsons
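Review bot: The block removed from gbr_parse carried the only pointer to where this OID is specified, `/* OID from section 9.1, RFC 6493. */`, and the corresponding `/* OID from section 2, RFC 6482. */` is dropped from roa_parse in the same commit, while the new definitions in x509.c only give symbolic names. The citations should travel with the OIDs to their new home, e.g. `ASN1_OBJECT *gbr_oid; /* 1.2.840.113549.1.9.16.1.35 id-ct-rpkiGhostbusters, RFC 6493 section 9.1 */` and `ASN1_OBJECT *roa_oid; /* 1.2.840.113549.1.9.16.1.24 id-ct-routeOriginAuthz, RFC 6482 section 2 */`. gbr_parse continues outside the hunk.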
@@ -839,6 +839,7 @@ proc_parser(int fd)
 ERR_load_crypto_strings();
 OpenSSL_add_all_ciphers();
 OpenSSL_add_all_digests();
+ x509_init_oid();
 
 if ((ctx = X509_STORE_CTX_new()) == NULL)
 cryptoerrx("X509_STORE_CTX_new");
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index f9197fd00b9..692ca922e14 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roa.c,v 1.34 2021/12/22 08:44:15 claudio Exp $ */
+/* $OpenBSD: roa.c,v 1.35 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons
  *
@@ -36,7 +36,7 @@ struct parse {
 struct roa *res; /* results */
 };
 
-static ASN1_OBJECT *roa_oid;
+extern ASN1_OBJECT *roa_oid;
 
 /*
  * Parse IP address (ROAIPAddress), RFC 6482, section 3.3.
@@ -346,14 +346,6 @@ roa_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 memset(&p, 0, sizeof(struct parse));
 p.fn = fn;
 
- /* OID from section 2, RFC 6482. */
- if (roa_oid == NULL) {
- roa_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.24", 1);
- if (roa_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.24");
- }
-
 cms = cms_parse_validate(x509, fn, der, len, roa_oid, &cmsz);
 if (cms == NULL)
 return NULL;
diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 1b5f3ff0454..7205624a95b 100644
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.29 2021/10/28 09:02:19 beck Exp $ */
+/* $OpenBSD: x509.c,v 1.30 2022/01/18 13:06:43 claudio Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker
  * Copyright (c) 2019 Kristaps Dzonsons
@@ -30,11 +30,34 @@
 
 #include "extern.h"
 
-static ASN1_OBJECT *bgpsec_oid; /* id-kp-bgpsec-router */
+ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
+ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
+ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
+ASN1_OBJECT *roa_oid; /* id-ct-routeOriginAuthz CMS content type */
+ASN1_OBJECT *mft_oid; /* id-ct-rpkiManifest CMS content type */
+ASN1_OBJECT *gbr_oid; /* id-ct-rpkiGhostbusters CMS content type */
+ASN1_OBJECT *bgpsec_oid; /* id-kp-bgpsec-router Key Purpose */
 
-static void
-init_oid(void)
+
+void
+x509_init_oid(void)
 {
+
+ if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
+ if ((manifest_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.10");
+ if ((notify_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.13", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.13");
+ if ((roa_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.24", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.24");
+ if ((mft_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.26", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.26");
+ if ((gbr_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.35", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.35");
 if ((bgpsec_oid = OBJ_txt2obj("1.3.6.1.5.5.7.3.30", 1)) == NULL)
 errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.3.30");
 }
@@ -167,9 +190,6 @@ x509_get_purpose(X509 *x, const char *fn)
 goto out;
 }
 
- if (bgpsec_oid == NULL)
- init_oid();
-
 if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, 0)) == 0) {
 purpose = CERT_PURPOSE_BGPSEC_ROUTER;
 goto out;
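Review bot: x509_init_oid() becomes the single initialisation point for seven process-wide globals, yet it carries no header comment stating its contract: it must run once per process before any parse routine uses these objects, it terminates the process via errx() on failure, and the ASN1_OBJECTs it obtains from OBJ_txt2obj() are never freed. A comment above the definition such as `/* Create the ASN1_OBJECTs shared by the parsers. Must be called once per process before parsing; exits on failure. */` would capture that. Two style points in the same hunk: `manifest_oid` (the SIA access method 1.3.6.1.5.5.7.48.10) and `mft_oid` (the CMS content type 1.2.840.113549.1.9.16.1.26) are easily confused when read at a use site, so each definition should list both the dotted OID and the symbolic name, e.g. `ASN1_OBJECT *mft_oid; /* 1.2.840.113549.1.9.16.1.26 (id-ct-rpkiManifest CMS content type) */`; and the added blank line directly after `{` plus the doubled blank line before `void` look unintentional.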