rpki-client: adjust eContent version handling

Wed, 07 Jun 2023 03:10:43 -0700 

In anticipation of a bump of the ASPA eContent profile version, update
valid_econtent_version() to allow for non-zero versions.

OK?

Kind regards,

Job

Index: aspa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/aspa.c,v
retrieving revision 1.17
diff -u -p -r1.17 aspa.c
--- aspa.c      26 Apr 2023 16:32:41 -0000      1.17
+++ aspa.c      7 Jun 2023 10:08:13 -0000
@@ -161,7 +161,7 @@ aspa_parse_econtent(const unsigned char 
                goto out;
        }
 
-       if (!valid_econtent_version(p->fn, aspa->version))
+       if (!valid_econtent_version(p->fn, aspa->version, 0))
                goto out;
 
        if (!as_id_parse(aspa->customerASID, &p->res->custasid)) {
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.183
diff -u -p -r1.183 extern.h
--- extern.h    30 May 2023 16:02:28 -0000      1.183
+++ extern.h    7 Jun 2023 10:08:13 -0000
@@ -690,7 +690,8 @@ int          valid_origin(const char *, const c
 int             valid_x509(char *, X509_STORE_CTX *, X509 *, struct auth *,
                    struct crl *, const char **);
 int             valid_rsc(const char *, struct cert *, struct rsc *);
-int             valid_econtent_version(const char *, const ASN1_INTEGER *);
+int             valid_econtent_version(const char *, const ASN1_INTEGER *,
+                   uint64_t);
 int             valid_aspa(const char *, struct cert *, struct aspa *);
 int             valid_geofeed(const char *, struct cert *, struct geofeed *);
 int             valid_uuid(const char *);
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
retrieving revision 1.93
diff -u -p -r1.93 mft.c
--- mft.c       22 May 2023 15:15:25 -0000      1.93
+++ mft.c       7 Jun 2023 10:08:13 -0000
@@ -286,7 +286,7 @@ mft_parse_econtent(const unsigned char *
                goto out;
        }
 
-       if (!valid_econtent_version(p->fn, mft->version))
+       if (!valid_econtent_version(p->fn, mft->version, 0))
                goto out;
 
        p->res->seqnum = x509_convert_seqnum(p->fn, mft->manifestNumber);
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.67
diff -u -p -r1.67 roa.c
--- roa.c       23 May 2023 06:42:08 -0000      1.67
+++ roa.c       7 Jun 2023 10:08:13 -0000
@@ -119,7 +119,7 @@ roa_parse_econtent(const unsigned char *
                goto out;
        }
 
-       if (!valid_econtent_version(p->fn, roa->version))
+       if (!valid_econtent_version(p->fn, roa->version, 0))
                goto out;
 
        if (!as_id_parse(roa->asid, &p->res->asid)) {
Index: rsc.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
retrieving revision 1.25
diff -u -p -r1.25 rsc.c
--- rsc.c       12 Mar 2023 13:31:39 -0000      1.25
+++ rsc.c       7 Jun 2023 10:08:13 -0000
@@ -339,7 +339,7 @@ rsc_parse_econtent(const unsigned char *
                goto out;
        }
 
-       if (!valid_econtent_version(p->fn, rsc->version))
+       if (!valid_econtent_version(p->fn, rsc->version, 0))
                goto out;
 
        resources = rsc->resources;
Index: tak.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tak.c,v
retrieving revision 1.8
diff -u -p -r1.8 tak.c
--- tak.c       12 Mar 2023 11:46:35 -0000      1.8
+++ tak.c       7 Jun 2023 10:08:13 -0000
@@ -195,7 +195,7 @@ tak_parse_econtent(const unsigned char *
                goto out;
        }
 
-       if (!valid_econtent_version(fn, tak->version))
+       if (!valid_econtent_version(fn, tak->version, 0))
                goto out;
 
        p->res->current = parse_takey(fn, tak->current);
Index: validate.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
retrieving revision 1.63
diff -u -p -r1.63 validate.c
--- validate.c  30 May 2023 12:14:48 -0000      1.63
+++ validate.c  7 Jun 2023 10:08:13 -0000
@@ -514,11 +514,12 @@ valid_rsc(const char *fn, struct cert *c
 }
 
 int
-valid_econtent_version(const char *fn, const ASN1_INTEGER *aint)
+valid_econtent_version(const char *fn, const ASN1_INTEGER *aint,
+    uint64_t expected)
 {
        uint64_t version;
 
-       if (aint == NULL)
+       if (expected == 0 && aint == NULL)
                return 1;
 
        if (!ASN1_INTEGER_get_uint64(&version, aint)) {
@@ -526,15 +527,18 @@ valid_econtent_version(const char *fn, c
                return 0;
        }
 
-       switch (version) {
-       case 0:
+       if (version == 0) {
                warnx("%s: incorrect encoding for version 0", fn);
                return 0;
-       default:
-               warnx("%s: version %llu not supported (yet)", fn,
-                   (unsigned long long)version);
+       }
+
+       if (version != expected) {
+               warnx("%s: invalid version (expected %llu, got %llu)", fn,
+                   (unsigned long long)expected, (unsigned long long)version);
                return 0;
        }
+
+       return 1;
 }
 
 /*

Reply via email to