[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-tech
Subject: Re: rpki-client remove double checking of hashes
From: Claudio Jeker <cjeker () diehard ! n-r-g ! com>
Date: 2021-01-28 16:27:51
Message-ID: 20210128162751.GF15870 () diehard ! n-r-g ! com
[Download RAW message or body]
On Thu, Jan 28, 2021 at 05:19:31PM +0100, Theo Buehler wrote:
> On Thu, Jan 28, 2021 at 04:42:00PM +0100, Claudio Jeker wrote:
> > Initially rpki-client checked the file hash while parsing the file (.roa,
> > .cert or .crl) but since a while rpki-client does the hash check early
> > during the .mft parsing with mft_check(). After that all files in the
> > fileandhash attribute are verified and so there is no need to do it again.
> >
> > All in all this simplifies the code a fair bit. The only problematic case
> > was the distinction between root cert and regular cert based on the
> > presence of the digest. Instead use the presence of the public key (from
> > the TAL). Result is the same, logic is inverse.
> >
> > So this still works for me.
>
> Makes sense, ok tb
>
> Please add the diff below to adjust regress when you land this.
I had the same already prepped in my tree.
> Index: test-cert.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-cert.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 test-cert.c
> --- test-cert.c 9 Dec 2020 11:22:47 -0000 1.6
> +++ test-cert.c 28 Jan 2021 16:14:30 -0000
> @@ -145,7 +145,7 @@ main(int argc, char *argv[])
> }
> } else {
> for (i = 0; i < argc; i++) {
> - p = cert_parse(&xp, argv[i], NULL);
> + p = cert_parse(&xp, argv[i]);
> if (p == NULL)
> break;
> if (verb)
> Index: test-roa.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-roa.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 test-roa.c
> --- test-roa.c 9 Nov 2020 16:13:02 -0000 1.7
> +++ test-roa.c 28 Jan 2021 16:14:44 -0000
> @@ -87,7 +87,7 @@ main(int argc, char *argv[])
> errx(1, "argument missing");
>
> for (i = 0; i < argc; i++) {
> - if ((p = roa_parse(&xp, argv[i], NULL)) == NULL)
> + if ((p = roa_parse(&xp, argv[i])) == NULL)
> break;
> if (verb)
> roa_print(p);
>
--
:wq Claudio
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic