List:       openbsd-tech
Subject:    Re: rpki-client remove double checking of hashes
From:       Claudio Jeker <cjeker () diehard ! n-r-g ! com>
Date:       2021-01-28 16:27:51
Message-ID: 20210128162751.GF15870 () diehard ! n-r-g ! com

On Thu, Jan 28, 2021 at 05:19:31PM +0100, Theo Buehler wrote:
> On Thu, Jan 28, 2021 at 04:42:00PM +0100, Claudio Jeker wrote:
> > Initially rpki-client checked the file hash while parsing the file (.roa,
> > .cert or .crl) but for a while now rpki-client has done the hash check early
> > during the .mft parsing with mft_check(). After that all files in the
> > fileandhash attribute are verified and so there is no need to do it again.
> > 
> > All in all this simplifies the code a fair bit. The only problematic case
> > was the distinction between root cert and regular cert based on the
> > presence of the digest. Instead use the presence of the public key (from
> > the TAL). Result is the same, logic is inverse.
> > 
> > So this still works for me.
> 
> Makes sense, ok tb
> 
> Please add the diff below to adjust regress when you land this.

I had the same already prepped in my tree.
 
> Index: test-cert.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-cert.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 test-cert.c
> --- test-cert.c	9 Dec 2020 11:22:47 -0000	1.6
> +++ test-cert.c	28 Jan 2021 16:14:30 -0000
> @@ -145,7 +145,7 @@ main(int argc, char *argv[])
>  		}
>  	} else {
>  		for (i = 0; i < argc; i++) {
> -			p = cert_parse(&xp, argv[i], NULL);
> +			p = cert_parse(&xp, argv[i]);
>  			if (p == NULL)
>  				break;
>  			if (verb)
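
Review bot: the cert_parse(&xp, argv[i]) call in this else branch passed
NULL for the digest before the change, so this test never exercised the
hash comparison that is being removed. With the check now done only in
mft_check(), as the description says, consider adding a regress case that
feeds a manifest whose fileandhash entry does not match the file, so the
one remaining check has coverage.
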
> Index: test-roa.c
> ===================================================================
> RCS file: /cvs/src/regress/usr.sbin/rpki-client/test-roa.c,v
> retrieving revision 1.7
> diff -u -p -r1.7 test-roa.c
> --- test-roa.c	9 Nov 2020 16:13:02 -0000	1.7
> +++ test-roa.c	28 Jan 2021 16:14:44 -0000
> @@ -87,7 +87,7 @@ main(int argc, char *argv[])
>  		errx(1, "argument missing");
>  
>  	for (i = 0; i < argc; i++) {
> -		if ((p = roa_parse(&xp, argv[i], NULL)) == NULL)
> +		if ((p = roa_parse(&xp, argv[i])) == NULL)
>  			break;
>  		if (verb)
>  			roa_print(p);
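
Review bot: roa_parse(&xp, argv[i]) here takes paths straight from argv,
so nothing in this loop has compared the file against a manifest before it
is parsed. That is fine for the test, but it shows that the parser now
relies on its caller having run mft_check() first; a short comment above
roa_parse stating that precondition would keep a future caller from
parsing a file that was never hash-checked.
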
> 

-- 
:wq Claudio
