Use a common x509_init_oid() function to initialize all OIDs (convert them
to NIDs). I prefer this over having them spread out all over the place.
OK?
--
:wq Claudio
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.49
diff -u -p -r1.49 cert.c
--- cert.c 26 Dec 2021 12:32:28 -0000 1.49
+++ cert.c 17 Jan 2022 12:12:38 -0000
@@ -47,20 +47,9 @@ struct parse {
const char *fn; /* currently-parsed file */
};
-static ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
-static ASN1_OBJECT *mft_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
-static ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
-
-static void
-cert_init_oid(void)
-{
- if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
- if ((mft_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.10");
- if ((notify_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.13", 1)) == NULL)
- errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.13");
-}
+extern ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
+extern ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
+extern ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
/*
* Append an IP address structure to our list of results.
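Review bot: The `extern ASN1_OBJECT *..._oid;` declarations added here live in cert.c itself, so no translation unit sees both a declaration and the definition in x509.c, and a later drift in type or name would not be caught by the compiler. The same pattern is repeated in the gbr.c, mft.c and roa.c hunks. Since extern.h already gains the `x509_init_oid()` prototype and x509.c includes that header, I would declare the objects once there, e.g. `extern ASN1_OBJECT *carepo_oid;`, and drop the per-file copies.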
@@ -270,12 +259,9 @@ sbgp_sia_resource_entry(struct parse *p,
if (!ASN1_frame(p->fn, dsz, &d, &plen, &ptag))
goto out;
- if (carepo_oid == NULL)
- cert_init_oid();
-
if (OBJ_cmp(oid, carepo_oid) == 0)
rc = sbgp_sia_resource_carepo(p, d, plen);
- else if (OBJ_cmp(oid, mft_oid) == 0)
+ else if (OBJ_cmp(oid, manifest_oid) == 0)
rc = sbgp_sia_resource_mft(p, d, plen);
else if (OBJ_cmp(oid, notify_oid) == 0)
rc = sbgp_sia_resource_notify(p, d, plen);
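Review bot: With the `if (carepo_oid == NULL) cert_init_oid();` guard removed, the `OBJ_cmp(oid, carepo_oid)` chain here depends on x509_init_oid() having run earlier in the process, and the only call visible in this diff is the one added to proc_parser(). Any other entry point that reaches these parsers (regression tests or standalone tools, not visible here) would pass a NULL object to OBJ_cmp() or cms_parse_validate(). The same applies to the gbr_parse(), mft_parse(), roa_parse() and x509_get_purpose() hunks. I would state the contract next to the prototype in extern.h, e.g. `/* Must be called once before any cert, CMS or EKU parsing. */`, and confirm every program that links these files calls it. The body of sbgp_sia_resource_entry() starts and ends outside this hunk.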
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.104
diff -u -p -r1.104 extern.h
--- extern.h 14 Jan 2022 15:00:23 -0000 1.104
+++ extern.h 17 Jan 2022 12:11:13 -0000
@@ -566,6 +566,7 @@ struct ibuf *io_buf_recvfd(int, struct i
/* X509 helpers. */
+void x509_init_oid(void);
char *x509_get_aia(X509 *, const char *);
char *x509_get_aki(X509 *, int, const char *);
char *x509_get_ski(X509 *, const char *);
Index: gbr.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/gbr.c,v
retrieving revision 1.11
diff -u -p -r1.11 gbr.c
--- gbr.c 26 Oct 2021 10:52:50 -0000 1.11
+++ gbr.c 17 Jan 2022 12:00:09 -0000
@@ -36,7 +36,7 @@ struct parse {
struct gbr *res; /* results */
};
-static ASN1_OBJECT *gbr_oid;
+extern ASN1_OBJECT *gbr_oid;
/*
* Parse a full RFC 6493 file and signed by the certificate "cacert"
@@ -52,14 +52,6 @@ gbr_parse(X509 **x509, const char *fn, c
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
-
- /* OID from section 9.1, RFC 6493. */
- if (gbr_oid == NULL) {
- gbr_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.35", 1);
- if (gbr_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.35");
- }
cms = cms_parse_validate(x509, fn, der, len, gbr_oid, &cmsz);
if (cms == NULL)
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
retrieving revision 1.45
diff -u -p -r1.45 mft.c
--- mft.c 13 Jan 2022 13:46:03 -0000 1.45
+++ mft.c 17 Jan 2022 11:56:43 -0000
@@ -39,7 +39,7 @@ struct parse {
struct mft *res; /* result object */
};
-static ASN1_OBJECT *mft_oid;
+extern ASN1_OBJECT *mft_oid;
static const char *
gentime2str(const ASN1_GENERALIZEDTIME *time)
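Review bot: Now that this `mft_oid` has external linkage it shares a namespace with `manifest_oid`, and the two names differ only by abbreviation while denoting different things: the CMS content type passed to cms_parse_validate() versus the SIA access method compared in cert.c. Before this change cert.c used the name `mft_oid` for the SIA one, so a stale or mistaken reference still compiles and silently makes the content-type or SIA check compare against the wrong OID. Names that carry the role would make such a mix-up visible, for example `mft_ct_oid` here and `manifest_sia_oid` in cert.c (the names are only a suggestion). At minimum I would add a comment on this declaration such as `/* id-ct-rpkiManifest content type, not the SIA rpkiManifest OID */`.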
@@ -417,13 +417,6 @@ mft_parse(X509 **x509, const char *fn, c
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
-
- if (mft_oid == NULL) {
- mft_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.26", 1);
- if (mft_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.26");
- }
cms = cms_parse_validate(x509, fn, der, len, mft_oid, &cmsz);
if (cms == NULL)
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.37
diff -u -p -r1.37 parser.c
--- parser.c 14 Jan 2022 15:00:23 -0000 1.37
+++ parser.c 17 Jan 2022 12:11:26 -0000
@@ -839,6 +839,7 @@ proc_parser(int fd)
ERR_load_crypto_strings();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
+ x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL)
cryptoerrx("X509_STORE_CTX_new");
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.34
diff -u -p -r1.34 roa.c
--- roa.c 22 Dec 2021 08:44:15 -0000 1.34
+++ roa.c 17 Jan 2022 12:04:03 -0000
@@ -36,7 +36,7 @@ struct parse {
struct roa *res; /* results */
};
-static ASN1_OBJECT *roa_oid;
+extern ASN1_OBJECT *roa_oid;
/*
* Parse IP address (ROAIPAddress), RFC 6482, section 3.3.
@@ -345,14 +345,6 @@ roa_parse(X509 **x509, const char *fn, c
memset(&p, 0, sizeof(struct parse));
p.fn = fn;
-
- /* OID from section 2, RFC 6482. */
- if (roa_oid == NULL) {
- roa_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.24", 1);
- if (roa_oid == NULL)
- errx(1, "OBJ_txt2obj for %s failed",
- "1.2.840.113549.1.9.16.1.24");
- }
cms = cms_parse_validate(x509, fn, der, len, roa_oid, &cmsz);
if (cms == NULL)
Index: x509.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/x509.c,v
retrieving revision 1.29
diff -u -p -r1.29 x509.c
--- x509.c 28 Oct 2021 09:02:19 -0000 1.29
+++ x509.c 17 Jan 2022 12:10:53 -0000
@@ -30,11 +30,34 @@
#include "extern.h"
-static ASN1_OBJECT *bgpsec_oid; /* id-kp-bgpsec-router */
+ASN1_OBJECT *carepo_oid; /* 1.3.6.1.5.5.7.48.5 (caRepository) */
+ASN1_OBJECT *manifest_oid; /* 1.3.6.1.5.5.7.48.10 (rpkiManifest) */
+ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */
+ASN1_OBJECT *roa_oid; /* id-ct-routeOriginAuthz CMS content type */
+ASN1_OBJECT *mft_oid; /* id-ct-rpkiManifest CMS content type */
+ASN1_OBJECT *gbr_oid; /* id-ct-rpkiGhostbusters CMS content type */
+ASN1_OBJECT *bgpsec_oid; /* id-kp-bgpsec-router Key Purpose */
-static void
-init_oid(void)
+
+void
+x509_init_oid(void)
{
+
+ if ((carepo_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.5", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.5");
+ if ((manifest_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.10", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.10");
+ if ((notify_oid = OBJ_txt2obj("1.3.6.1.5.5.7.48.13", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.48.13");
+ if ((roa_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.24", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.24");
+ if ((mft_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.26", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.26");
+ if ((gbr_oid = OBJ_txt2obj("1.2.840.113549.1.9.16.1.35", 1)) == NULL)
+ errx(1, "OBJ_txt2obj for %s failed",
+ "1.2.840.113549.1.9.16.1.35");
if ((bgpsec_oid = OBJ_txt2obj("1.3.6.1.5.5.7.3.30", 1)) == NULL)
errx(1, "OBJ_txt2obj for %s failed", "1.3.6.1.5.5.7.3.30");
}
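Review bot: Each OID string in x509_init_oid() is written twice, once for OBJ_txt2obj() and once for the errx() message, and each is paired by hand with its global. With seven entries a copy-paste slip would either report the wrong OID on failure or load the wrong value into a pointer that later gates a content-type or EKU check. A small table walked by one loop keeps the string and its target on a single line and leaves one errx() call. The RFC section references from the blocks removed in gbr.c and roa.c can move into the table as comments so they are not lost.

```c
/* … unchanged: definitions of the seven ASN1_OBJECT * globals … */

static const struct {
	const char	 *oid;
	ASN1_OBJECT	**ptr;
} oid_table[] = {
	{ "1.3.6.1.5.5.7.48.5", &carepo_oid },		/* caRepository */
	{ "1.3.6.1.5.5.7.48.10", &manifest_oid },	/* rpkiManifest */
	{ "1.3.6.1.5.5.7.48.13", &notify_oid },		/* rpkiNotify */
	{ "1.2.840.113549.1.9.16.1.24", &roa_oid },	/* RFC 6482, section 2 */
	{ "1.2.840.113549.1.9.16.1.26", &mft_oid },	/* id-ct-rpkiManifest */
	{ "1.2.840.113549.1.9.16.1.35", &gbr_oid },	/* RFC 6493, section 9.1 */
	{ "1.3.6.1.5.5.7.3.30", &bgpsec_oid },		/* id-kp-bgpsec-router */
};

void
x509_init_oid(void)
{
	size_t	i;

	for (i = 0; i < sizeof(oid_table) / sizeof(oid_table[0]); i++) {
		*oid_table[i].ptr = OBJ_txt2obj(oid_table[i].oid, 1);
		if (*oid_table[i].ptr == NULL)
			errx(1, "OBJ_txt2obj for %s failed",
			    oid_table[i].oid);
	}
}
```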
@@ -166,9 +189,6 @@ x509_get_purpose(X509 *x, const char *fn
sk_ASN1_OBJECT_num(eku));
goto out;
}
-
- if (bgpsec_oid == NULL)
- init_oid();
if (OBJ_cmp(bgpsec_oid, sk_ASN1_OBJECT_value(eku, 0)) == 0) {
purpose = CERT_PURPOSE_BGPSEC_ROUTER;