#
1.33 |
|
19-Mar-2024 |
tb |
Rename parent to issuer in struct auth
Parent is confusing and issuer is the appropriate terminology. This is a mechanical diff. The only remaining uses of 'parent' in this code base now mean 'parent process'.
discussed with beck and job ok job
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.32 |
|
27-Dec-2023 |
tb |
Rework the warnings on internet resources
Unify the printing of warnings about AS numbers and IP address blocks to use a call to as_warn() and ip_warn(). Fix a bug in the latter where the upper bound of an IP range didn't take the RFC 3779 encoding into account and passed the address directly to inet_pton() rather than filling the missing bits with 1. Switch the argument order to match the warnings and tweak some warning messages.
ok claudio job
|
#
1.31 |
|
18-Oct-2023 |
tb |
rpki-client: move inherit in {ip,as}_warn()
While alphabetic order makes sense, having inherit between individual AS and IP entries and ranges makes little sense. Use the order that we have elsewhere.
ok claudio job
|
#
1.30 |
|
18-Oct-2023 |
tb |
rpki-client: rework ip_addr_check_overlap()
Avoid conditional early returns and significantly simplify the printing of ip addresses/ranges by using the new ip_warn(). This also eliminates an extremely weird usage of the comma operator and reduces noise levels quite a bit.
ok claudio job
|
#
1.29 |
|
13-Oct-2023 |
job |
Allow imposing constraints on RPKI trust anchors
The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope.
Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32.
For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html
With and OK tb@, OK claudio@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.28 |
|
25-Sep-2023 |
job |
Introduce ip_addr_range_print() to avoid code repetition
OK tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
29-Nov-2022 |
job |
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
|
#
1.26 |
|
29-Nov-2022 |
job |
Only include assert.h if we call assert()
OK tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.32 |
|
27-Dec-2023 |
tb |
Rework the warnings on internet resources
Unify the printing of warnings about AS numbers and IP address blocks to use a call to as_warn() and ip_warn(). Fix a bug in the latter where the upper bound of an IP range didn't take the RFC 3779 encoding into account and passed the address directly to inet_pton() rather than filling the missing bits with 1. Switch the argument order to match the warnings and tweak some warning messages.
ok claudio job
|
#
1.31 |
|
18-Oct-2023 |
tb |
rpki-client: move inherit in {ip,as}_warn()
While alphabetic order makes sense, having inherit between individual AS and IP entries and ranges makes little sense. Use the order that we have elsewhere.
ok claudio job
|
#
1.30 |
|
18-Oct-2023 |
tb |
rpki-client: rework ip_addr_check_overlap()
Avoid conditional early returns and significantly simplify the printing of ip addresses/ranges by using the new ip_warn(). This also eliminates an extremely weird usage of the comma operator and reduces noise levels quite a bit.
ok claudio job
|
#
1.29 |
|
13-Oct-2023 |
job |
Allow imposing constraints on RPKI trust anchors
The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope.
Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32.
For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html
With and OK tb@, OK claudio@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.28 |
|
25-Sep-2023 |
job |
Introduce ip_addr_range_print() to avoid code repetition
OK tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
29-Nov-2022 |
job |
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
|
#
1.26 |
|
29-Nov-2022 |
job |
Only include assert.h if we call assert()
OK tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.31 |
|
18-Oct-2023 |
tb |
rpki-client: move inherit in {ip,as}_warn()
While alphabetic order makes sense, having inherit between individual AS and IP entries and ranges makes little sense. Use the order that we have elsewhere.
ok claudio job
|
#
1.30 |
|
18-Oct-2023 |
tb |
rpki-client: rework ip_addr_check_overlap()
Avoid conditional early returns and significantly simplify the printing of ip addresses/ranges by using the new ip_warn(). This also eliminates an extremely weird usage of the comma operator and reduces noise levels quite a bit.
ok claudio job
|
#
1.29 |
|
13-Oct-2023 |
job |
Allow imposing constraints on RPKI trust anchors
The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope.
Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32.
For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html
With and OK tb@, OK claudio@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.28 |
|
25-Sep-2023 |
job |
Introduce ip_addr_range_print() to avoid code repetition
OK tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
29-Nov-2022 |
job |
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
|
#
1.26 |
|
29-Nov-2022 |
job |
Only include assert.h if we call assert()
OK tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.29 |
|
13-Oct-2023 |
job |
Allow imposing constraints on RPKI trust anchors
The ability to constrain a RPKI Trust Anchor's effective signing authority to a limited set of Internet Number Resources allows Relying Parties to enjoy the potential benefits of assuming trust, within a bounded scope.
Some examples: ARIN does not support inter-RIR IPv6 transfers, so it wouldn't make any sense to see a ROA subordinate to ARIN's trust anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't make sense to observe a ROA covering ARIN-managed IPv6 space under APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust arc (a cryptographically valid certificate path) existed. Along these same lines, AFRINIC doesn't support inter-RIR transfers of any kind, and none of the RIRs have authority over private resources like 10.0.0.0/8 and 2001:db8::/32.
For more background see: https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/ https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html
With and OK tb@, OK claudio@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.28 |
|
25-Sep-2023 |
job |
Introduce ip_addr_range_print() to avoid code repetition
OK tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
29-Nov-2022 |
job |
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
|
#
1.26 |
|
29-Nov-2022 |
job |
Only include assert.h if we call assert()
OK tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.28 |
|
25-Sep-2023 |
job |
Introduce ip_addr_range_print() to avoid code repetition
OK tb@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.27 |
|
29-Nov-2022 |
job |
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
|
#
1.26 |
|
29-Nov-2022 |
job |
Only include assert.h if we call assert()
OK tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.27 |
|
29-Nov-2022 |
job |
Only include stdarg.h, if we call any of va_{start,end}()
OK tb@
|
#
1.26 |
|
29-Nov-2022 |
job |
Only include assert.h if we call assert()
OK tb@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.25 |
|
15-May-2022 |
tb |
More KNF and whitespace fixes.
|
#
1.24 |
|
15-May-2022 |
deraadt |
whitespace spotted during read-thru
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.23 |
|
13-May-2022 |
tb |
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the flags represent the unused bits. Other flags have nothing to with lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.22 |
|
11-May-2022 |
tb |
Zap stray space
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.21 |
|
26-Dec-2021 |
tb |
fix spelling of inheritance
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.20 |
|
10-Nov-2021 |
claudio |
Collaps the AFI specific IP print functions into ip_addr_print() their only difference was the buffersize and AF argument to inet_ntop. Use INET6_ADDRSTRLEN as the buffer size and convert the AFI to AF in a switch statement. OK denis@ kn@ deraadt@
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
branches: 1.17.4; code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
branches: 1.16.2; Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.19 |
|
05-Nov-2021 |
claudio |
Simplify how IP addresses and AS numbers are passed between processes. Since they are stored in an array just blast the full array in and out of the io buffers at once instead of iterating element by element. It also allows to remove a lot of extra code. OK benno@ job@
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.18 |
|
23-Oct-2021 |
claudio |
Finnally move away from blocking reads in rpki-client. The code was a mish mash of poll, non-blocking writes and blocking reads. Using the introduced ibuf size header in io_buf_new()/io_buf_close() the read side can be changed to pull in a full ibuf and only start the un-marshal once all data has been read. OK benno@
|
Revision tags: OPENBSD_7_0_BASE
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.17 |
|
19-Apr-2021 |
deraadt |
code review results in KNF, and moving local variables into lowest scope ok claudio
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.16 |
|
29-Mar-2021 |
deraadt |
Check all inet_ntop() calls, in case we screw up the parameters somehow we prefer a failure rather than some sort of weird truncation ok claudio
|
#
1.15 |
|
29-Mar-2021 |
deraadt |
3 additional snprintf() range checks (inconceivable these would ever truncate, but if they do, we prefer to know) ok job claudio
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.14 |
|
08-Jan-2021 |
claudio |
Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writing data between processes. This completely decouples the write side. rpki-client can't really use the imsg framework but it can use the ibuf bits wich imsg is built on. OK benno@ job@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.13 |
|
12-Sep-2020 |
claudio |
Include openssl/x509.h in extern.h since it uses a few of the typedefs from there in structs and prototypes. Remove the openssl/ssl.h and other strange openssl includes in the .c files that don't use openssl specific functions. OK beck@ and tb@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.12 |
|
16-Apr-2020 |
claudio |
It is unclear why data is memcpy-ed into a char buf[2] that is used as argument to ntohs(). Just memcpy to a uint16_t value and ntohs this value. Fixes possible alignment issues as reported by newer gcc compilers. OK beck@
|
#
1.11 |
|
16-Apr-2020 |
claudio |
Revert last commit, this file slipped in.
|
#
1.10 |
|
16-Apr-2020 |
claudio |
Replace deprecated ERR_remove_state(0) with ERR_remove_thread_state(NULL); OK tb@
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.9 |
|
27-Nov-2019 |
deraadt |
swap some comparisons
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.8 |
|
03-Oct-2019 |
claudio |
memset struct ip_addr before assigning values to it. in the IPv4 case 12 bytes of the struct were not touched and left uninitialized which is not the idea. Diff from Alexandre Hamada (hamada at registro dot br)
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.7 |
|
20-Jun-2019 |
claudio |
If the ASN1_BIT_STRING has a length of 0 the unused bit count must be 0. Check this and also adjust the upper limit check to >= 8 since only the values 0 - 7 are valid. Found by jsg@ with afl. OK deraadt@
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.6 |
|
19-Jun-2019 |
deraadt |
use $OpenBSD$ headers
|
#
1.5 |
|
19-Jun-2019 |
claudio |
Instead of the strange ASN.1 encoding of IP addresses with a size in bytes and a count of how many bits of the last byte are unused switch to a much more normal prefixlen in bits encoding for internal use. This makes the code easier to understand. Also switch to inet_ntop() for converting a struct ip_addr into a string. OK job@
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|
#
1.4 |
|
19-Jun-2019 |
deraadt |
indentation adjustments, in particular near warn statements ok claudio
|
#
1.3 |
|
17-Jun-2019 |
deraadt |
system includes first, always.
|
#
1.2 |
|
17-Jun-2019 |
deraadt |
Don't do -portable in base. It is better done outside the tree. Imagine if we did it throughout the tree, how many copies of strlcpy would we have, and how much time would all the configure shell scripts and includes take? It would be ludicrous.
|
#
1.1 |
|
17-Jun-2019 |
job |
branches: 1.1.1; Initial revision
|