From 803d3b9acd2f8e709a1394db2dbe32acec67319f Mon Sep 17 00:00:00 2001
From: claudio
Date: Tue, 26 Oct 2021 13:31:05 +0000
Subject: [PATCH] Also move the cert parser code away from using BIO.

OK beck@
---
 usr.sbin/rpki-client/cert.c | 30 +++++++++++-------------------
 usr.sbin/rpki-client/extern.h | 8 +++++---
 usr.sbin/rpki-client/parser.c | 18 ++++++++++--------
 3 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 7a384194f08..36380d03c0c 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.40 2021/10/23 16:06:04 claudio Exp $ */
+/* $OpenBSD: cert.c,v 1.41 2021/10/26 13:31:05 claudio Exp $ */
 /*
 * Copyright (c) 2021 Job Snijders
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -976,7 +976,8 @@ out:
 * is also dereferenced.
 */
 static struct cert *
-cert_parse_inner(X509 **xp, const char *fn, int ta)
+cert_parse_inner(X509 **xp, const char *fn, const unsigned char *der,
+ size_t len, int ta)
 {
 int rc = 0, extsz, c;
 int sia_present = 0;
@@ -985,28 +986,19 @@ cert_parse_inner(X509 **xp, const char *fn, int ta)
 X509_EXTENSION *ext = NULL;
 ASN1_OBJECT *obj;
 struct parse p;
- BIO *bio = NULL;
- FILE *f;
 
 *xp = NULL;
 
- if ((f = fopen(fn, "rb")) == NULL) { warn("%s", fn);
+ /* just fail for empty buffers, the warning was printed elsewhere */
+ if (der == NULL)
 return NULL;
- }
-
- if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) { if (verbose > 0) cryptowarnx("%s: BIO_new_file", fn); return NULL;
- }
 
 memset(&p, 0, sizeof(struct parse));
 p.fn = fn;
 if ((p.res = calloc(1, sizeof(struct cert))) == NULL)
 err(1, NULL);
 
- if ((x = *xp = d2i_X509_bio(bio, NULL)) == NULL) {
+ if ((x = *xp = d2i_X509(NULL, &der, len)) == NULL) {
 cryptowarnx("%s: d2i_X509_bio", p.fn);
 goto out;
 }
@@ -1144,7 +1136,6 @@ cert_parse_inner(X509 **xp, const char *fn, int ta)
 
 rc = 1;
 out:
- BIO_free_all(bio);
 if (rc == 0) {
 cert_free(p.res);
 X509_free(x);
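Review bot: The two parameters added to cert_parse_inner's signature, `der` and `len`, are not described in the comment block above it, of which only the tail `* is also dereferenced.` is inside the hunk, so the NULL-buffer contract introduced further down (`if (der == NULL) return NULL;` with no warning of its own) can only be learned by reading the body. I would add to that comment something like `der/len: the DER-encoded certificate; der may be NULL when loading failed and was already reported, in which case NULL is returned silently.` The comment block starts outside the hunk.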
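Review bot: Once `d2i_X509(NULL, &der, len)` returns, nothing checks that `der` was advanced by exactly `len`, so a file carrying extra bytes after the certificate's DER encoding parses as if it were clean; the length is now in hand, so the check is cheap: keep `const unsigned char *oder = der;` before the call and add `if (der != oder + len) { warnx("%s: trailing garbage", p.fn); goto out; }` after it, which lands in the `out:` cleanup that the last hunk shows freeing `p.res` and `x` when `rc == 0` (it presumably also resets `*xp`, outside the hunk). The diagnostic on the failure branch still reads `d2i_X509_bio` although the call is now `d2i_X509`; `cryptowarnx("%s: d2i_X509", p.fn);` keeps it accurate. `len` is a `size_t` while `d2i_X509` takes a `long`, so the conversion is implicit; fine for any realistic object, but an explicit `(long)len` would quiet `-Wconversion`. cert_parse_inner begins and ends outside this hunk.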
@@ -1154,19 +1145,20 @@ out:
 }
 
 struct cert *
-cert_parse(X509 **xp, const char *fn)
+cert_parse(X509 **xp, const char *fn, const unsigned char *der, size_t len)
 {
- return cert_parse_inner(xp, fn, 0);
+ return cert_parse_inner(xp, fn, der, len, 0);
 }
 
 struct cert *
-ta_parse(X509 **xp, const char *fn, const unsigned char *pkey, size_t pkeysz)
+ta_parse(X509 **xp, const char *fn, const unsigned char *der, size_t len,
+ const unsigned char *pkey, size_t pkeysz)
 {
 EVP_PKEY *pk = NULL, *opk = NULL;
 struct cert *p;
 int rc = 0;
 
- if ((p = cert_parse_inner(xp, fn, 1)) == NULL)
+ if ((p = cert_parse_inner(xp, fn, der, len, 1)) == NULL)
 return NULL;
 
 if (pkey != NULL) {
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 991c83d92f1..7c3cb3ed26b 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.78 2021/10/26 10:52:49 claudio Exp $ */
+/* $OpenBSD: extern.h,v 1.79 2021/10/26 13:31:05 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -403,8 +403,10 @@ struct tal *tal_read(struct ibuf *);
 
 void cert_buffer(struct ibuf *, const struct cert *);
 void cert_free(struct cert *);
-struct cert *cert_parse(X509 **, const char *);
-struct cert *ta_parse(X509 **, const char *, const unsigned char *, size_t);
+struct cert *cert_parse(X509 **, const char *, const unsigned char *,
+ size_t);
+struct cert *ta_parse(X509 **, const char *, const unsigned char *, size_t,
+ const unsigned char *, size_t);
 struct cert *cert_read(struct ibuf *);
 void cert_insert_brks(struct brk_tree *, struct cert *);
 
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 0c4ecc8f56c..cc2f15161f0 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.18 2021/10/26 10:52:50 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.19 2021/10/26 13:31:05 claudio Exp $ */
 /*
 * Copyright (c) 2019 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -191,7 +191,8 @@ proc_parser_mft(struct entity *entp, const unsigned char *der, size_t len)
 * parse failure.
 */
 static struct cert *
-proc_parser_cert(const struct entity *entp)
+proc_parser_cert(const struct entity *entp, const unsigned char *der,
+ size_t len)
 {
 struct cert *cert;
 X509 *x509;
@@ -204,7 +205,7 @@ proc_parser_cert(const struct entity *entp)
 
 /* Extract certificate data and X509. */
 
- cert = cert_parse(&x509, entp->file);
+ cert = cert_parse(&x509, entp->file, der, len);
 if (cert == NULL)
 return NULL;
 
@@ -282,7 +283,8 @@ proc_parser_cert(const struct entity *entp)
 * parse failure.
 */
 static struct cert *
-proc_parser_root_cert(const struct entity *entp)
+proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
+ size_t len)
 {
 char subject[256];
 ASN1_TIME *notBefore, *notAfter;
@@ -296,7 +298,7 @@ proc_parser_root_cert(const struct entity *entp)
 
 /* Extract certificate data and X509. */
 
- cert = ta_parse(&x509, entp->file, entp->pkey, entp->pkeysz);
+ cert = ta_parse(&x509, entp->file, der, len, entp->pkey, entp->pkeysz);
 if (cert == NULL)
 return NULL;
 
@@ -561,7 +563,7 @@ parse_entity(struct entityq *q, struct msgbuf *msgq)
 io_simple_buffer(b, &entp->type, sizeof(entp->type));
 
 f = NULL;
- if (entp->type != RTYPE_TAL && entp->type != RTYPE_CER) {
+ if (entp->type != RTYPE_TAL) {
 f = load_file(entp->file, &flen);
 if (f == NULL)
 warn("%s", entp->file);
@@ -577,9 +579,9 @@ parse_entity(struct entityq *q, struct msgbuf *msgq)
 break;
 case RTYPE_CER:
 if (entp->has_pkey)
- cert = proc_parser_root_cert(entp);
+ cert = proc_parser_root_cert(entp, f, flen);
 else
- cert = proc_parser_cert(entp);
+ cert = proc_parser_cert(entp, f, flen);
 c = (cert != NULL);
 io_simple_buffer(b, &c, sizeof(int));
 if (cert != NULL)
-- 
2.20.1
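Review bot: `f` and `flen` are now passed into proc_parser_root_cert and proc_parser_cert for RTYPE_CER, so the buffer returned by `load_file` in the `@@ -561` hunk must stay alive across those calls and be released on the same path the other entity types already use; that `free(f)` is outside the hunk, so it is worth confirming the RTYPE_CER case reaches it rather than leaking the buffer. When `load_file` fails, `f` is NULL and `flen` holds whatever `load_file` left in it; the parsers return NULL through the new `der == NULL` guard in cert_parse_inner before touching the length, which matches the `warn` already issued, but initialising `flen` at its declaration (outside the hunk) would make that independence explicit. parse_entity starts and ends outside the hunk.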