usr.sbin/rpki-client/parser.c

*b5fa5d51Sclaudio/*	$OpenBSD: parser.c,v 1.148 2024/11/21 13:32:27 claudio Exp $ */
eae58378Sclaudio/*
eae58378Sclaudio * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
eae58378Sclaudio * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
eae58378Sclaudio *
eae58378Sclaudio * Permission to use, copy, modify, and distribute this software for any
eae58378Sclaudio * purpose with or without fee is hereby granted, provided that the above
eae58378Sclaudio * copyright notice and this permission notice appear in all copies.
eae58378Sclaudio *
eae58378Sclaudio * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
eae58378Sclaudio * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
eae58378Sclaudio * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
eae58378Sclaudio * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
eae58378Sclaudio * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
eae58378Sclaudio * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
eae58378Sclaudio * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
eae58378Sclaudio */
eae58378Sclaudio
eae58378Sclaudio#include <sys/queue.h>
eae58378Sclaudio#include <sys/tree.h>
eae58378Sclaudio#include <sys/types.h>
eae58378Sclaudio
eae58378Sclaudio#include <err.h>
87c7c78dSclaudio#include <fcntl.h>
eae58378Sclaudio#include <poll.h>
eae58378Sclaudio#include <stdio.h>
eae58378Sclaudio#include <stdlib.h>
eae58378Sclaudio#include <string.h>
eae58378Sclaudio#include <limits.h>
eae58378Sclaudio#include <unistd.h>
eae58378Sclaudio#include <imsg.h>
eae58378Sclaudio
c631bb87Sclaudio#include <openssl/asn1.h>
eae58378Sclaudio#include <openssl/err.h>
a1753de6Sclaudio#include <openssl/evp.h>
c631bb87Sclaudio#include <openssl/x509.h>
cac2b49eStb#include <openssl/x509v3.h>
eae58378Sclaudio
eae58378Sclaudio#include "extern.h"
eae58378Sclaudio
1d8c6443Stbextern int certid;
1d8c6443Stb
318f0572Sjobextern BN_CTX		*bn_ctx;
318f0572Sjob
6feb6ad0Sclaudiostatic X509_STORE_CTX	*ctx;
6feb6ad0Sclaudiostatic struct auth_tree	 auths = RB_INITIALIZER(&auths);
6feb6ad0Sclaudiostatic struct crl_tree	 crlt = RB_INITIALIZER(&crlt);
6feb6ad0Sclaudio
100ded9eSclaudiostruct parse_repo {
100ded9eSclaudio	RB_ENTRY(parse_repo)	 entry;
100ded9eSclaudio	char			*path;
4bccd3c1Sclaudio	char			*validpath;
100ded9eSclaudio	unsigned int		 id;
100ded9eSclaudio};
100ded9eSclaudio
100ded9eSclaudiostatic RB_HEAD(repo_tree, parse_repo)	repos = RB_INITIALIZER(&repos);
100ded9eSclaudio
100ded9eSclaudiostatic inline int
100ded9eSclaudiorepocmp(struct parse_repo *a, struct parse_repo *b)
100ded9eSclaudio{
100ded9eSclaudio	return a->id - b->id;
100ded9eSclaudio}
100ded9eSclaudio
100ded9eSclaudioRB_GENERATE_STATIC(repo_tree, parse_repo, entry, repocmp);
100ded9eSclaudio
100ded9eSclaudiostatic struct parse_repo *
100ded9eSclaudiorepo_get(unsigned int id)
100ded9eSclaudio{
100ded9eSclaudio	struct parse_repo needle = { .id = id };
100ded9eSclaudio
100ded9eSclaudio	return RB_FIND(repo_tree, &repos, &needle);
100ded9eSclaudio}
100ded9eSclaudio
100ded9eSclaudiostatic void
4bccd3c1Sclaudiorepo_add(unsigned int id, char *path, char *validpath)
100ded9eSclaudio{
100ded9eSclaudio	struct parse_repo *rp;
100ded9eSclaudio
4bccd3c1Sclaudio	if ((rp = calloc(1, sizeof(*rp))) == NULL)
100ded9eSclaudio		err(1, NULL);
100ded9eSclaudio	rp->id = id;
4bccd3c1Sclaudio	if (path != NULL)
100ded9eSclaudio		if ((rp->path = strdup(path)) == NULL)
100ded9eSclaudio			err(1, NULL);
4bccd3c1Sclaudio	if (validpath != NULL)
4bccd3c1Sclaudio		if ((rp->validpath = strdup(validpath)) == NULL)
4bccd3c1Sclaudio			err(1, NULL);
100ded9eSclaudio
100ded9eSclaudio	if (RB_INSERT(repo_tree, &repos, rp) != NULL)
100ded9eSclaudio		errx(1, "repository already added: id %d, %s", id, path);
100ded9eSclaudio}
100ded9eSclaudio
4bccd3c1Sclaudio/*
0bc420b9Sclaudio * Return the issuer by its certificate id, or NULL on failure.
0bc420b9Sclaudio * Make sure the AKI is the same as the AKI listed on the Manifest,
0bc420b9Sclaudio * and that the SKI of the cert matches with the AKI.
0bc420b9Sclaudio */
0bc420b9Sclaudiostatic struct auth *
0bc420b9Sclaudiofind_issuer(const char *fn, int id, const char *aki, const char *mftaki)
0bc420b9Sclaudio{
0bc420b9Sclaudio	struct auth *a;
0bc420b9Sclaudio
0bc420b9Sclaudio	a = auth_find(&auths, id);
0bc420b9Sclaudio	if (a == NULL) {
1d8c6443Stb		if (certid <= CERTID_MAX)
1d8c6443Stb			warnx("%s: RFC 6487: unknown cert with SKI %s", fn,
1d8c6443Stb			    aki);
0bc420b9Sclaudio		return NULL;
0bc420b9Sclaudio	}
0bc420b9Sclaudio
0bc420b9Sclaudio	if (mftaki != NULL) {
0bc420b9Sclaudio		if (strcmp(aki, mftaki) != 0) {
0bc420b9Sclaudio			warnx("%s: AKI %s doesn't match Manifest AKI %s", fn,
0bc420b9Sclaudio			    aki, mftaki);
0bc420b9Sclaudio			return NULL;
0bc420b9Sclaudio		}
0bc420b9Sclaudio	}
0bc420b9Sclaudio
0bc420b9Sclaudio	if (strcmp(aki, a->cert->ski) != 0) {
0bc420b9Sclaudio		warnx("%s: AKI %s doesn't match issuer SKI %s", fn,
0bc420b9Sclaudio		    aki, a->cert->ski);
0bc420b9Sclaudio		return NULL;
0bc420b9Sclaudio	}
0bc420b9Sclaudio
0bc420b9Sclaudio	return a;
0bc420b9Sclaudio}
0bc420b9Sclaudio
0bc420b9Sclaudio/*
df512fbcSclaudio * Build access path to file based on repoid, path, location and file values.
4bccd3c1Sclaudio */
4bccd3c1Sclaudiostatic char *
4bccd3c1Sclaudioparse_filepath(unsigned int repoid, const char *path, const char *file,
df512fbcSclaudio    enum location loc)
4bccd3c1Sclaudio{
4bccd3c1Sclaudio	struct parse_repo	*rp;
4bccd3c1Sclaudio	char			*fn, *repopath;
4bccd3c1Sclaudio
4bccd3c1Sclaudio	/* build file path based on repoid, entity path and filename */
4bccd3c1Sclaudio	rp = repo_get(repoid);
df512fbcSclaudio	if (rp == NULL)
441ac56aSclaudio		errx(1, "build file path: repository %u missing", repoid);
4bccd3c1Sclaudio
df512fbcSclaudio	if (loc == DIR_VALID)
4bccd3c1Sclaudio		repopath = rp->validpath;
4bccd3c1Sclaudio	else
4bccd3c1Sclaudio		repopath = rp->path;
4bccd3c1Sclaudio
4bccd3c1Sclaudio	if (repopath == NULL)
4bccd3c1Sclaudio		return NULL;
4bccd3c1Sclaudio
4bccd3c1Sclaudio	if (path == NULL) {
4bccd3c1Sclaudio		if (asprintf(&fn, "%s/%s", repopath, file) == -1)
4bccd3c1Sclaudio			err(1, NULL);
4bccd3c1Sclaudio	} else {
df512fbcSclaudio		if (asprintf(&fn, "%s/%s/%s", repopath, path, file) == -1)
4bccd3c1Sclaudio			err(1, NULL);
4bccd3c1Sclaudio	}
4bccd3c1Sclaudio	return fn;
4bccd3c1Sclaudio}
4bccd3c1Sclaudio
4bccd3c1Sclaudio/*
eae58378Sclaudio * Parse and validate a ROA.
eae58378Sclaudio * This is standard stuff.
eae58378Sclaudio * Returns the roa on success, NULL on failure.
eae58378Sclaudio */
eae58378Sclaudiostatic struct roa *
32c8d2feSjobproc_parser_roa(char *file, const unsigned char *der, size_t len,
0636c4d0Stb    const struct entity *entp)
eae58378Sclaudio{
eae58378Sclaudio	struct roa		*roa;
aec10a2aStb	X509			*x509 = NULL;
4bccd3c1Sclaudio	struct auth		*a;
d7e95037Stb	struct crl		*crl;
fd7a2857Sclaudio	const char		*errstr;
eae58378Sclaudio
0636c4d0Stb	if ((roa = roa_parse(&x509, file, entp->talid, der, len)) == NULL)
aec10a2aStb		goto out;
eae58378Sclaudio
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, roa->aki, entp->mftaki);
aec10a2aStb	if (a == NULL)
aec10a2aStb		goto out;
c4a9443cSclaudio	crl = crl_get(&crlt, a);
eae58378Sclaudio
fd7a2857Sclaudio	if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
fd7a2857Sclaudio		warnx("%s: %s", file, errstr);
aec10a2aStb		goto out;
eae58378Sclaudio	}
4bccd3c1Sclaudio	X509_free(x509);
aec10a2aStb	x509 = NULL;
a66158d7Sjob
24069af1Sclaudio	roa->talid = a->cert->talid;
24069af1Sclaudio
534b6674Sjob	roa->expires = x509_find_expires(roa->notafter, a, &crlt);
eae58378Sclaudio
eae58378Sclaudio	return roa;
aec10a2aStb
aec10a2aStb out:
aec10a2aStb	roa_free(roa);
aec10a2aStb	X509_free(x509);
aec10a2aStb
aec10a2aStb	return NULL;
eae58378Sclaudio}
eae58378Sclaudio
eae58378Sclaudio/*
d4be4cdeSjob * Parse and validate a draft-ietf-sidrops-rpki-prefixlist SPL.
d4be4cdeSjob * Returns the spl on success, NULL on failure.
d4be4cdeSjob */
d4be4cdeSjobstatic struct spl *
d4be4cdeSjobproc_parser_spl(char *file, const unsigned char *der, size_t len,
d4be4cdeSjob    const struct entity *entp)
d4be4cdeSjob{
d4be4cdeSjob	struct spl		*spl;
aec10a2aStb	X509			*x509 = NULL;
d4be4cdeSjob	struct auth		*a;
d4be4cdeSjob	struct crl		*crl;
d4be4cdeSjob	const char		*errstr;
d4be4cdeSjob
d4be4cdeSjob	if ((spl = spl_parse(&x509, file, entp->talid, der, len)) == NULL)
aec10a2aStb		goto out;
d4be4cdeSjob
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, spl->aki, entp->mftaki);
aec10a2aStb	if (a == NULL)
aec10a2aStb		goto out;
d4be4cdeSjob	crl = crl_get(&crlt, a);
d4be4cdeSjob
d4be4cdeSjob	if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
d4be4cdeSjob		warnx("%s: %s", file, errstr);
aec10a2aStb		goto out;
d4be4cdeSjob	}
d4be4cdeSjob	X509_free(x509);
aec10a2aStb	x509 = NULL;
d4be4cdeSjob
d4be4cdeSjob	spl->talid = a->cert->talid;
d4be4cdeSjob
d4be4cdeSjob	spl->expires = x509_find_expires(spl->notafter, a, &crlt);
d4be4cdeSjob
d4be4cdeSjob	return spl;
aec10a2aStb
aec10a2aStb out:
aec10a2aStb	spl_free(spl);
aec10a2aStb	X509_free(x509);
aec10a2aStb
aec10a2aStb	return NULL;
d4be4cdeSjob}
d4be4cdeSjob
d4be4cdeSjob/*
87c7c78dSclaudio * Check all files and their hashes in a MFT structure.
87c7c78dSclaudio * Return zero on failure, non-zero on success.
87c7c78dSclaudio */
487aa6cbSclaudiostatic int
487aa6cbSclaudioproc_parser_mft_check(const char *fn, struct mft *p)
87c7c78dSclaudio{
df512fbcSclaudio	const enum location loc[2] = { DIR_TEMP, DIR_VALID };
87c7c78dSclaudio	size_t	 i;
685326f5Sclaudio	int	 rc = 1;
685326f5Sclaudio	char	*path;
87c7c78dSclaudio
94674fa3Stb	if (p == NULL)
94674fa3Stb		return 0;
94674fa3Stb
87c7c78dSclaudio	for (i = 0; i < p->filesz; i++) {
df512fbcSclaudio		struct mftfile *m = &p->files[i];
df512fbcSclaudio		int try, fd = -1, noent = 0, valid = 0;
df512fbcSclaudio		for (try = 0; try < 2 && !valid; try++) {
4bccd3c1Sclaudio			if ((path = parse_filepath(p->repoid, p->path, m->file,
df512fbcSclaudio			    loc[try])) == NULL)
df512fbcSclaudio				continue;
87c7c78dSclaudio			fd = open(path, O_RDONLY);
df512fbcSclaudio			if (fd == -1 && errno == ENOENT)
df512fbcSclaudio				noent++;
4bccd3c1Sclaudio			free(path);
4bccd3c1Sclaudio
df512fbcSclaudio			/* remember which path was checked */
df512fbcSclaudio			m->location = loc[try];
df512fbcSclaudio			valid = valid_filehash(fd, m->hash, sizeof(m->hash));
df512fbcSclaudio		}
df512fbcSclaudio
df512fbcSclaudio		if (!valid) {
df512fbcSclaudio			/* silently skip not-existing unknown files */
df512fbcSclaudio			if (m->type == RTYPE_INVALID && noent == 2)
df512fbcSclaudio				continue;
7822b8bfSjob			warnx("%s#%s: bad message digest for %s", fn,
7822b8bfSjob			    p->seqnum, m->file);
87c7c78dSclaudio			rc = 0;
df512fbcSclaudio			continue;
87c7c78dSclaudio		}
87c7c78dSclaudio	}
87c7c78dSclaudio
87c7c78dSclaudio	return rc;
87c7c78dSclaudio}
87c7c78dSclaudio
87c7c78dSclaudio/*
6fd959f8Stb * Load the CRL from loc using the info from the MFT.
23bc08f8Sclaudio */
23bc08f8Sclaudiostatic struct crl *
6fd959f8Stbparse_load_crl_from_mft(struct entity *entp, struct mft *mft, enum location loc,
6fd959f8Stb    char **crlfile)
23bc08f8Sclaudio{
23bc08f8Sclaudio	struct crl	*crl = NULL;
23bc08f8Sclaudio	unsigned char	*f = NULL;
23bc08f8Sclaudio	char		*fn = NULL;
23bc08f8Sclaudio	size_t		 flen;
23bc08f8Sclaudio
6fd959f8Stb	*crlfile = NULL;
6fd959f8Stb
23bc08f8Sclaudio	fn = parse_filepath(entp->repoid, entp->path, mft->crl, loc);
23bc08f8Sclaudio	if (fn == NULL)
6fd959f8Stb		goto out;
23bc08f8Sclaudio
23bc08f8Sclaudio	f = load_file(fn, &flen);
6fd959f8Stb	if (f == NULL) {
6fd959f8Stb		if (errno != ENOENT)
23bc08f8Sclaudio			warn("parse file %s", fn);
6fd959f8Stb		goto out;
6fd959f8Stb	}
6fd959f8Stb
23bc08f8Sclaudio	if (!valid_hash(f, flen, mft->crlhash, sizeof(mft->crlhash)))
6fd959f8Stb		goto out;
6fd959f8Stb
23bc08f8Sclaudio	crl = crl_parse(fn, f, flen);
6fd959f8Stb	if (crl == NULL)
6fd959f8Stb		goto out;
fd7a2857Sclaudio
32c8d2feSjob	if (strcmp(crl->aki, mft->aki) != 0) {
32c8d2feSjob		warnx("%s: AKI doesn't match Manifest AKI", fn);
32c8d2feSjob		goto out;
32c8d2feSjob	}
32c8d2feSjob
c207abadSjob	if ((crl->mftpath = strdup(mft->sia)) == NULL)
c207abadSjob		err(1, NULL);
c207abadSjob
e038f1a1Sclaudio	*crlfile = fn;
6fd959f8Stb	free(f);
6fd959f8Stb
23bc08f8Sclaudio	return crl;
6fd959f8Stb
6fd959f8Stb out:
32c8d2feSjob	crl_free(crl);
6fd959f8Stb	free(f);
e038f1a1Sclaudio	free(fn);
6fd959f8Stb
23bc08f8Sclaudio	return NULL;
23bc08f8Sclaudio}
23bc08f8Sclaudio
23bc08f8Sclaudio/*
05c37678Sjob * Parse and validate a manifest file.
05c37678Sjob * Don't check the fileandhash, this is done later on.
05c37678Sjob * Return the mft on success, or NULL on failure.
eae58378Sclaudio */
eae58378Sclaudiostatic struct mft *
52b4e3adSjobproc_parser_mft_pre(struct entity *entp, char *file, struct crl **crl,
52b4e3adSjob    char **crlfile, struct mft *cached_mft, const char **errstr)
eae58378Sclaudio{
eae58378Sclaudio	struct mft	*mft;
eae58378Sclaudio	X509		*x509;
eae58378Sclaudio	struct auth	*a;
a4968bd9Stb	unsigned char	*der;
a4968bd9Stb	size_t		 len;
8cad1871Sjob	time_t		 now;
1039ba60Stb	int		 issued_cmp, seqnum_cmp;
eae58378Sclaudio
23bc08f8Sclaudio	*crl = NULL;
e038f1a1Sclaudio	*crlfile = NULL;
fd7a2857Sclaudio	*errstr = NULL;
eae58378Sclaudio
09ad02f4Sjob	if (file == NULL)
a4968bd9Stb		return NULL;
a4968bd9Stb
09ad02f4Sjob	der = load_file(file, &len);
a4968bd9Stb	if (der == NULL && errno != ENOENT)
09ad02f4Sjob		warn("parse file %s", file);
a4968bd9Stb
09ad02f4Sjob	if ((mft = mft_parse(&x509, file, entp->talid, der, len)) == NULL) {
a4968bd9Stb		free(der);
a4968bd9Stb		return NULL;
a4968bd9Stb	}
c5b5cf9aSjob
b1d56901Sjob	if (entp->path != NULL) {
b1d56901Sjob		if ((mft->path = strdup(entp->path)) == NULL)
b1d56901Sjob			err(1, NULL);
b1d56901Sjob	}
b1d56901Sjob
c5b5cf9aSjob	if (!EVP_Digest(der, len, mft->mfthash, NULL, EVP_sha256(), NULL))
c5b5cf9aSjob		errx(1, "EVP_Digest failed");
c5b5cf9aSjob
a4968bd9Stb	free(der);
a4968bd9Stb
6fd959f8Stb	*crl = parse_load_crl_from_mft(entp, mft, DIR_TEMP, crlfile);
6fd959f8Stb	if (*crl == NULL)
6fd959f8Stb		*crl = parse_load_crl_from_mft(entp, mft, DIR_VALID, crlfile);
a4968bd9Stb
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, mft->aki, NULL);
1d8c6443Stb	if (a == NULL)
1d8c6443Stb		goto err;
09ad02f4Sjob	if (!valid_x509(file, ctx, x509, a, *crl, errstr))
690a1eadStb		goto err;
690a1eadStb	X509_free(x509);
690a1eadStb	x509 = NULL;
690a1eadStb
690a1eadStb	mft->repoid = entp->repoid;
690a1eadStb	mft->talid = a->cert->talid;
0bc420b9Sclaudio	mft->certid = entp->certid;
690a1eadStb
8cad1871Sjob	now = get_current_time();
8cad1871Sjob	/* check that now is not before from */
8cad1871Sjob	if (now < mft->thisupdate) {
09ad02f4Sjob		warnx("%s: manifest not yet valid %s", file,
8cad1871Sjob		    time2str(mft->thisupdate));
c6be5ad7Sjob		goto err;
8cad1871Sjob	}
8cad1871Sjob	/* check that now is not after until */
8cad1871Sjob	if (now > mft->nextupdate) {
09ad02f4Sjob		warnx("%s: manifest expired on %s", file,
8cad1871Sjob		    time2str(mft->nextupdate));
c6be5ad7Sjob		goto err;
8cad1871Sjob	}
8cad1871Sjob
8cad1871Sjob	/* if there is nothing to compare to, return now */
86eea840Stb	if (cached_mft == NULL)
86eea840Stb		return mft;
86eea840Stb
86eea840Stb	/*
1039ba60Stb	 * Check that the cached manifest is older in the sense that it was
1039ba60Stb	 * issued earlier and that it has a smaller sequence number.
86eea840Stb	 */
86eea840Stb
1039ba60Stb	if ((issued_cmp = mft_compare_issued(mft, cached_mft)) < 0) {
62c6bfd2Sjob		warnx("%s: unexpected manifest issuance date (want >= %lld, "
09ad02f4Sjob		    "got %lld)", file, (long long)cached_mft->thisupdate,
1039ba60Stb		    (long long)mft->thisupdate);
1039ba60Stb		goto err;
1039ba60Stb	}
e73085f8Stb	if ((seqnum_cmp = mft_compare_seqnum(mft, cached_mft)) < 0) {
86eea840Stb		warnx("%s: unexpected manifest number (want >= #%s, got #%s)",
09ad02f4Sjob		    file, cached_mft->seqnum, mft->seqnum);
86eea840Stb		goto err;
86eea840Stb	}
1039ba60Stb	if (issued_cmp > 0 && seqnum_cmp == 0) {
62c6bfd2Sjob		warnx("%s: manifest issued at %lld and %lld with same "
09ad02f4Sjob		    "manifest number #%s", file, (long long)mft->thisupdate,
62c6bfd2Sjob		    (long long)cached_mft->thisupdate, cached_mft->seqnum);
1039ba60Stb		goto err;
1039ba60Stb	}
1039ba60Stb	if (issued_cmp == 0 && seqnum_cmp > 0) {
62c6bfd2Sjob		warnx("%s: #%s and #%s were issued at same issuance date %lld",
09ad02f4Sjob		    file, mft->seqnum, cached_mft->seqnum,
62c6bfd2Sjob		    (long long)mft->thisupdate);
1039ba60Stb		goto err;
1039ba60Stb	}
1039ba60Stb	if (issued_cmp == 0 && seqnum_cmp == 0 && memcmp(mft->mfthash,
86eea840Stb	    cached_mft->mfthash, SHA256_DIGEST_LENGTH) != 0) {
62c6bfd2Sjob		warnx("%s: misissuance, issuance date %lld and manifest number "
09ad02f4Sjob		    "#%s were recycled", file, (long long)mft->thisupdate,
62c6bfd2Sjob		    mft->seqnum);
86eea840Stb		goto err;
86eea840Stb	}
86eea840Stb
318f0572Sjob	if (seqnum_cmp > 0) {
318f0572Sjob		if (mft_seqnum_gap_present(mft, cached_mft)) {
318f0572Sjob			mft->seqnum_gap = 1;
318f0572Sjob			warnx("%s: seqnum gap detected #%s -> #%s", file,
318f0572Sjob			    cached_mft->seqnum, mft->seqnum);
318f0572Sjob		}
318f0572Sjob	}
318f0572Sjob
690a1eadStb	return mft;
690a1eadStb
690a1eadStb err:
f999fe57Sclaudio	X509_free(x509);
23bc08f8Sclaudio	mft_free(mft);
23bc08f8Sclaudio	crl_free(*crl);
23bc08f8Sclaudio	*crl = NULL;
e038f1a1Sclaudio	free(*crlfile);
e038f1a1Sclaudio	*crlfile = NULL;
f999fe57Sclaudio	return NULL;
f999fe57Sclaudio}
df512fbcSclaudio
df512fbcSclaudio/*
23bc08f8Sclaudio * Load the most recent MFT by opening both options and comparing the two.
23bc08f8Sclaudio */
23bc08f8Sclaudiostatic char *
08ac1330Sjobproc_parser_mft(struct entity *entp, struct mft **mp, char **crlfile,
08ac1330Sjob    time_t *crlmtime)
23bc08f8Sclaudio{
23bc08f8Sclaudio	struct mft	*mft1 = NULL, *mft2 = NULL;
52b4e3adSjob	struct crl	*crl, *crl1 = NULL, *crl2 = NULL;
52b4e3adSjob	char		*file, *file1 = NULL, *file2 = NULL;
52b4e3adSjob	char		*crl1file = NULL, *crl2file = NULL;
52b4e3adSjob	const char	*err1 = NULL, *err2 = NULL;
23bc08f8Sclaudio
23bc08f8Sclaudio	*mp = NULL;
08ac1330Sjob	*crlmtime = 0;
23bc08f8Sclaudio
09ad02f4Sjob	file2 = parse_filepath(entp->repoid, entp->path, entp->file, DIR_VALID);
52b4e3adSjob	mft2 = proc_parser_mft_pre(entp, file2, &crl2, &crl2file, NULL, &err2);
09ad02f4Sjob
52b4e3adSjob	if (!noop) {
52b4e3adSjob		file1 = parse_filepath(entp->repoid, entp->path, entp->file,
52b4e3adSjob		    DIR_TEMP);
52b4e3adSjob		mft1 = proc_parser_mft_pre(entp, file1, &crl1, &crl1file, mft2,
52b4e3adSjob		    &err1);
52b4e3adSjob	}
23bc08f8Sclaudio
4dfb12e7Sjob	if (proc_parser_mft_check(file1, mft1)) {
23bc08f8Sclaudio		mft_free(mft2);
23bc08f8Sclaudio		crl_free(crl2);
e038f1a1Sclaudio		free(crl2file);
23bc08f8Sclaudio		free(file2);
102443c7Sjob
94674fa3Stb		*mp = mft1;
23bc08f8Sclaudio		crl = crl1;
23bc08f8Sclaudio		file = file1;
e038f1a1Sclaudio		*crlfile = crl1file;
23bc08f8Sclaudio	} else {
94674fa3Stb		if (mft1 != NULL && mft2 != NULL)
94674fa3Stb			warnx("%s: failed fetch, continuing with #%s "
94674fa3Stb			    "from cache", file2, mft2->seqnum);
94674fa3Stb
6aaa3c8dStb		if (!proc_parser_mft_check(file2, mft2)) {
a0d2775aStb			mft_free(mft2);
a0d2775aStb			mft2 = NULL;
94674fa3Stb
102443c7Sjob			if (err2 == NULL)
102443c7Sjob				err2 = err1;
a0d2775aStb			if (err2 == NULL)
94674fa3Stb				err2 = "no valid manifest available";
1d8c6443Stb			if (certid <= CERTID_MAX)
a0d2775aStb				warnx("%s: %s", file2, err2);
a0d2775aStb		}
102443c7Sjob
23bc08f8Sclaudio		mft_free(mft1);
23bc08f8Sclaudio		crl_free(crl1);
e038f1a1Sclaudio		free(crl1file);
23bc08f8Sclaudio		free(file1);
102443c7Sjob
6aaa3c8dStb		*mp = mft2;
23bc08f8Sclaudio		crl = crl2;
23bc08f8Sclaudio		file = file2;
e038f1a1Sclaudio		*crlfile = crl2file;
23bc08f8Sclaudio	}
23bc08f8Sclaudio
23bc08f8Sclaudio	if (*mp != NULL) {
c527cc7aSjob		*crlmtime = crl->thisupdate;
fc437288Stb		if (crl_insert(&crlt, crl))
fc437288Stb			crl = NULL;
23bc08f8Sclaudio	}
23bc08f8Sclaudio	crl_free(crl);
fc437288Stb
23bc08f8Sclaudio	return file;
23bc08f8Sclaudio}
23bc08f8Sclaudio
23bc08f8Sclaudio/*
f43c4d92Sclaudio * Certificates are from manifests (has a digest and is signed with
f43c4d92Sclaudio * another certificate) Parse the certificate, make sure its
f43c4d92Sclaudio * signatures are valid (with CRLs), then validate the RPKI content.
f43c4d92Sclaudio * This returns a certificate (which must not be freed) or NULL on
f43c4d92Sclaudio * parse failure.
f43c4d92Sclaudio */
f43c4d92Sclaudiostatic struct cert *
32c8d2feSjobproc_parser_cert(char *file, const unsigned char *der, size_t len,
0bc420b9Sclaudio    const struct entity *entp)
f43c4d92Sclaudio{
f43c4d92Sclaudio	struct cert	*cert;
ad462a11Sclaudio	struct crl	*crl;
ad462a11Sclaudio	struct auth	*a;
fd7a2857Sclaudio	const char	*errstr = NULL;
f43c4d92Sclaudio
f43c4d92Sclaudio	/* Extract certificate data. */
f43c4d92Sclaudio
ba153bd8Sclaudio	cert = cert_parse_pre(file, der, len);
ba153bd8Sclaudio	cert = cert_parse(file, cert);
f43c4d92Sclaudio	if (cert == NULL)
aec10a2aStb		goto out;
f43c4d92Sclaudio
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
aec10a2aStb	if (a == NULL)
aec10a2aStb		goto out;
ad462a11Sclaudio	crl = crl_get(&crlt, a);
ad462a11Sclaudio
fd7a2857Sclaudio	if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr) ||
ad462a11Sclaudio	    !valid_cert(file, a, cert)) {
fd7a2857Sclaudio		if (errstr != NULL)
fd7a2857Sclaudio			warnx("%s: %s", file, errstr);
aec10a2aStb		goto out;
ad462a11Sclaudio	}
ad462a11Sclaudio
ad462a11Sclaudio	cert->talid = a->cert->talid;
ad462a11Sclaudio
891d6bceSjob	if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
aec10a2aStb		if (!constraints_validate(file, cert))
aec10a2aStb			goto out;
891d6bceSjob	}
891d6bceSjob
ad462a11Sclaudio	/*
ad462a11Sclaudio	 * Add validated CA certs to the RPKI auth tree.
ad462a11Sclaudio	 */
ad462a11Sclaudio	if (cert->purpose == CERT_PURPOSE_CA)
0bc420b9Sclaudio		auth_insert(file, &auths, cert, a);
ad462a11Sclaudio
f43c4d92Sclaudio	return cert;
aec10a2aStb
aec10a2aStb out:
aec10a2aStb	cert_free(cert);
aec10a2aStb
aec10a2aStb	return NULL;
f43c4d92Sclaudio}
f43c4d92Sclaudio
b12001c0Stbstatic int
b12001c0Stbproc_parser_ta_cmp(const struct cert *cert1, const struct cert *cert2)
eae58378Sclaudio{
b12001c0Stb	if (cert1 == NULL)
b12001c0Stb		return -1;
b12001c0Stb	if (cert2 == NULL)
b12001c0Stb		return 1;
eae58378Sclaudio
198a0520Sclaudio	/*
93ab8db6Sjob	 * The standards don't specify tiebreakers. While RFC 6487 and other
93ab8db6Sjob	 * sources advise against backdating, it's explicitly allowed and some
93ab8db6Sjob	 * TAs do. Some TAs have also re-issued with new dates and old
93ab8db6Sjob	 * serialNumber.
93ab8db6Sjob	 * Our tiebreaker logic: a more recent notBefore is taken to mean a
93ab8db6Sjob	 * more recent issuance, and thus preferable. Given equal notBefore
93ab8db6Sjob	 * values, prefer the TA cert with the narrower validity window. This
93ab8db6Sjob	 * hopefully encourages TA operators to reduce egregiously long TA
93ab8db6Sjob	 * validity periods.
198a0520Sclaudio	 */
eae58378Sclaudio
b12001c0Stb	if (cert1->notbefore < cert2->notbefore)
b12001c0Stb		return -1;
b12001c0Stb	if (cert1->notbefore > cert2->notbefore)
b12001c0Stb		return 1;
b12001c0Stb
93ab8db6Sjob	if (cert1->notafter > cert2->notafter)
93ab8db6Sjob		return -1;
93ab8db6Sjob	if (cert1->notafter < cert2->notafter)
93ab8db6Sjob		return 1;
93ab8db6Sjob
b12001c0Stb	/*
18165bc1Stb	 * Both certs are valid from our perspective. If anything changed,
18165bc1Stb	 * prefer the freshly-fetched one. We rely on cert_parse_pre() having
18165bc1Stb	 * cached the extensions and thus libcrypto has already computed the
18165bc1Stb	 * certs' hashes (SHA-1 for OpenSSL, SHA-512 for LibreSSL). The below
18165bc1Stb	 * compares them.
b12001c0Stb	 */
b12001c0Stb
18165bc1Stb	return X509_cmp(cert1->x509, cert2->x509) != 0;
b12001c0Stb}
b12001c0Stb
b12001c0Stb/*
b12001c0Stb * Root certificates come from TALs. Inspect and validate both options and
b12001c0Stb * compare the two. The cert in out_cert must not be freed. Returns the file
b12001c0Stb * name of the chosen TA.
b12001c0Stb */
b12001c0Stbstatic char *
b12001c0Stbproc_parser_root_cert(struct entity *entp, struct cert **out_cert)
b12001c0Stb{
b12001c0Stb	struct cert		*cert1 = NULL, *cert2 = NULL;
b12001c0Stb	char			*file1 = NULL, *file2 = NULL;
b12001c0Stb	unsigned char		*der = NULL, *pkey = entp->data;
b12001c0Stb	size_t			 der_len = 0, pkeysz = entp->datasz;
b12001c0Stb	int			 cmp;
b12001c0Stb
b12001c0Stb	*out_cert = NULL;
b12001c0Stb
b12001c0Stb	file2 = parse_filepath(entp->repoid, entp->path, entp->file, DIR_VALID);
b12001c0Stb	der = load_file(file2, &der_len);
b12001c0Stb	cert2 = cert_parse_pre(file2, der, der_len);
b12001c0Stb	free(der);
b12001c0Stb	cert2 = ta_parse(file2, cert2, pkey, pkeysz);
b12001c0Stb
b12001c0Stb	if (!noop) {
b12001c0Stb		file1 = parse_filepath(entp->repoid, entp->path, entp->file,
b12001c0Stb		    DIR_TEMP);
b12001c0Stb		der = load_file(file1, &der_len);
b12001c0Stb		cert1 = cert_parse_pre(file1, der, der_len);
b12001c0Stb		free(der);
b12001c0Stb		cert1 = ta_parse(file1, cert1, pkey, pkeysz);
b12001c0Stb	}
b12001c0Stb
b12001c0Stb	if ((cmp = proc_parser_ta_cmp(cert1, cert2)) > 0) {
b12001c0Stb		cert_free(cert2);
b12001c0Stb		free(file2);
b12001c0Stb
b12001c0Stb		cert1->talid = entp->talid;
b12001c0Stb		auth_insert(file1, &auths, cert1, NULL);
b12001c0Stb
b12001c0Stb		*out_cert = cert1;
b12001c0Stb		return file1;
b12001c0Stb	} else {
b12001c0Stb		if (cmp < 0 && cert1 != NULL && cert2 != NULL)
b12001c0Stb			warnx("%s: cached TA is newer", entp->file);
b12001c0Stb		cert_free(cert1);
b12001c0Stb		free(file1);
b12001c0Stb
b12001c0Stb		if (cert2 != 0) {
b12001c0Stb			cert2->talid = entp->talid;
b12001c0Stb			auth_insert(file2, &auths, cert2, NULL);
b12001c0Stb		}
b12001c0Stb
b12001c0Stb		*out_cert = cert2;
b12001c0Stb		return file2;
b12001c0Stb	}
eae58378Sclaudio}
eae58378Sclaudio
eae58378Sclaudio/*
eae58378Sclaudio * Parse a ghostbuster record
eae58378Sclaudio */
08ac1330Sjobstatic struct gbr *
32c8d2feSjobproc_parser_gbr(char *file, const unsigned char *der, size_t len,
0636c4d0Stb    const struct entity *entp)
eae58378Sclaudio{
eae58378Sclaudio	struct gbr	*gbr;
aec10a2aStb	X509		*x509 = NULL;
4bccd3c1Sclaudio	struct crl	*crl;
d7e95037Stb	struct auth	*a;
fd7a2857Sclaudio	const char	*errstr;
eae58378Sclaudio
0636c4d0Stb	if ((gbr = gbr_parse(&x509, file, entp->talid, der, len)) == NULL)
aec10a2aStb		goto out;
eae58378Sclaudio
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, gbr->aki, entp->mftaki);
aec10a2aStb	if (a == NULL)
aec10a2aStb		goto out;
c4a9443cSclaudio	crl = crl_get(&crlt, a);
eae58378Sclaudio
08ac1330Sjob	if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
fd7a2857Sclaudio		warnx("%s: %s", file, errstr);
aec10a2aStb		goto out;
08ac1330Sjob	}
08ac1330Sjob	X509_free(x509);
aec10a2aStb	x509 = NULL;
08ac1330Sjob
08ac1330Sjob	gbr->talid = a->cert->talid;
08ac1330Sjob
08ac1330Sjob	return gbr;
aec10a2aStb
aec10a2aStb out:
aec10a2aStb	gbr_free(gbr);
aec10a2aStb	X509_free(x509);
aec10a2aStb
aec10a2aStb	return NULL;
eae58378Sclaudio}
eae58378Sclaudio
11e5e285Sclaudio/*
a29ddfd5Sjob * Parse an ASPA object
a29ddfd5Sjob */
a29ddfd5Sjobstatic struct aspa *
32c8d2feSjobproc_parser_aspa(char *file, const unsigned char *der, size_t len,
0636c4d0Stb    const struct entity *entp)
a29ddfd5Sjob{
a29ddfd5Sjob	struct aspa	*aspa;
aec10a2aStb	X509		*x509 = NULL;
a29ddfd5Sjob	struct auth	*a;
a29ddfd5Sjob	struct crl	*crl;
fd7a2857Sclaudio	const char	*errstr;
a29ddfd5Sjob
0636c4d0Stb	if ((aspa = aspa_parse(&x509, file, entp->talid, der, len)) == NULL)
aec10a2aStb		goto out;
a29ddfd5Sjob
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, aspa->aki, entp->mftaki);
aec10a2aStb	if (a == NULL)
aec10a2aStb		goto out;
a29ddfd5Sjob	crl = crl_get(&crlt, a);
a29ddfd5Sjob
fd7a2857Sclaudio	if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
fd7a2857Sclaudio		warnx("%s: %s", file, errstr);
aec10a2aStb		goto out;
a29ddfd5Sjob	}
a29ddfd5Sjob	X509_free(x509);
aec10a2aStb	x509 = NULL;
a29ddfd5Sjob
a29ddfd5Sjob	aspa->talid = a->cert->talid;
a29ddfd5Sjob
534b6674Sjob	aspa->expires = x509_find_expires(aspa->notafter, a, &crlt);
a29ddfd5Sjob
a29ddfd5Sjob	return aspa;
aec10a2aStb
aec10a2aStb out:
aec10a2aStb	aspa_free(aspa);
aec10a2aStb	X509_free(x509);
aec10a2aStb
aec10a2aStb	return NULL;
a29ddfd5Sjob}
a29ddfd5Sjob
a29ddfd5Sjob/*
ee2a33daSjob * Parse a TAK object.
ee2a33daSjob */
ee2a33daSjobstatic struct tak *
32c8d2feSjobproc_parser_tak(char *file, const unsigned char *der, size_t len,
0636c4d0Stb    const struct entity *entp)
ee2a33daSjob{
ee2a33daSjob	struct tak	*tak;
aec10a2aStb	X509		*x509 = NULL;
ee2a33daSjob	struct crl	*crl;
ee2a33daSjob	struct auth	*a;
fd7a2857Sclaudio	const char	*errstr;
ee2a33daSjob
0636c4d0Stb	if ((tak = tak_parse(&x509, file, entp->talid, der, len)) == NULL)
aec10a2aStb		goto out;
ee2a33daSjob
0bc420b9Sclaudio	a = find_issuer(file, entp->certid, tak->aki, entp->mftaki);
1d8c6443Stb	if (a == NULL)
1d8c6443Stb		goto out;
ee2a33daSjob	crl = crl_get(&crlt, a);
ee2a33daSjob
fd7a2857Sclaudio	if (!valid_x509(file, ctx, x509, a, crl, &errstr)) {
fd7a2857Sclaudio		warnx("%s: %s", file, errstr);
ee2a33daSjob		goto out;
fd7a2857Sclaudio	}
aec10a2aStb	X509_free(x509);
aec10a2aStb	x509 = NULL;
ee2a33daSjob
ee2a33daSjob	/* TAK EE must be signed by self-signed CA */
335482abStb	if (a->issuer != NULL)
ee2a33daSjob		goto out;
ee2a33daSjob
ee2a33daSjob	tak->talid = a->cert->talid;
aec10a2aStb
ee2a33daSjob	return tak;
aec10a2aStb
aec10a2aStb out:
aec10a2aStb	tak_free(tak);
aec10a2aStb	X509_free(x509);
aec10a2aStb
aec10a2aStb	return NULL;
ee2a33daSjob}
ee2a33daSjob
ee2a33daSjob/*
df512fbcSclaudio * Load the file specified by the entity information.
df512fbcSclaudio */
100ded9eSclaudiostatic char *
4bccd3c1Sclaudioparse_load_file(struct entity *entp, unsigned char **f, size_t *flen)
100ded9eSclaudio{
df512fbcSclaudio	char *file;
100ded9eSclaudio
df512fbcSclaudio	file = parse_filepath(entp->repoid, entp->path, entp->file,
df512fbcSclaudio	    entp->location);
df512fbcSclaudio	if (file == NULL)
df512fbcSclaudio		errx(1, "no path to file");
4bccd3c1Sclaudio
df512fbcSclaudio	*f = load_file(file, flen);
df512fbcSclaudio	if (*f == NULL)
df512fbcSclaudio		warn("parse file %s", file);
df512fbcSclaudio
4bccd3c1Sclaudio	return file;
100ded9eSclaudio}
4bccd3c1Sclaudio
d7e95037Stb/*
3b77ffafSjob * Process an entity and respond to parent process.
f43c4d92Sclaudio */
6feb6ad0Sclaudiostatic void
6feb6ad0Sclaudioparse_entity(struct entityq *q, struct msgbuf *msgq)
6feb6ad0Sclaudio{
6feb6ad0Sclaudio	struct entity	*entp;
6feb6ad0Sclaudio	struct tal	*tal;
6feb6ad0Sclaudio	struct cert	*cert;
d3c7e816Sclaudio	struct mft	*mft;
6feb6ad0Sclaudio	struct roa	*roa;
a29ddfd5Sjob	struct aspa	*aspa;
08ac1330Sjob	struct gbr	*gbr;
08ac1330Sjob	struct tak	*tak;
d4be4cdeSjob	struct spl	*spl;
6feb6ad0Sclaudio	struct ibuf	*b;
cabf3a3bSclaudio	unsigned char	*f;
08ac1330Sjob	time_t		 mtime, crlmtime;
cabf3a3bSclaudio	size_t		 flen;
e038f1a1Sclaudio	char		*file, *crlfile;
6feb6ad0Sclaudio	int		 c;
6feb6ad0Sclaudio
6feb6ad0Sclaudio	while ((entp = TAILQ_FIRST(q)) != NULL) {
6feb6ad0Sclaudio		TAILQ_REMOVE(q, entp, entries);
6feb6ad0Sclaudio
100ded9eSclaudio		/* handle RTYPE_REPO first */
100ded9eSclaudio		if (entp->type == RTYPE_REPO) {
4bccd3c1Sclaudio			repo_add(entp->repoid, entp->path, entp->file);
100ded9eSclaudio			entity_free(entp);
100ded9eSclaudio			continue;
100ded9eSclaudio		}
6feb6ad0Sclaudio
4bccd3c1Sclaudio		/* pass back at least type, repoid and filename */
100ded9eSclaudio		b = io_new_buffer();
de22d368Sclaudio		io_simple_buffer(b, &entp->type, sizeof(entp->type));
39c0924aSclaudio		io_simple_buffer(b, &entp->repoid, sizeof(entp->repoid));
1fc2657fSclaudio		io_simple_buffer(b, &entp->talid, sizeof(entp->talid));
de22d368Sclaudio
df512fbcSclaudio		file = NULL;
df512fbcSclaudio		f = NULL;
08ac1330Sjob		mtime = 0;
08ac1330Sjob		crlmtime = 0;
08ac1330Sjob
6feb6ad0Sclaudio		switch (entp->type) {
6feb6ad0Sclaudio		case RTYPE_TAL:
df512fbcSclaudio			io_str_buffer(b, entp->file);
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
41edc670Sclaudio			if ((tal = tal_parse(entp->file, entp->data,
41edc670Sclaudio			    entp->datasz)) == NULL)
6feb6ad0Sclaudio				errx(1, "%s: could not parse tal file",
6feb6ad0Sclaudio				    entp->file);
dc508150Sclaudio			tal->id = entp->talid;
6feb6ad0Sclaudio			tal_buffer(b, tal);
6feb6ad0Sclaudio			tal_free(tal);
6feb6ad0Sclaudio			break;
6feb6ad0Sclaudio		case RTYPE_CER:
b12001c0Stb			if (entp->data != NULL) {
b12001c0Stb				file = proc_parser_root_cert(entp, &cert);
b12001c0Stb			} else {
df512fbcSclaudio				file = parse_load_file(entp, &f, &flen);
0bc420b9Sclaudio				cert = proc_parser_cert(file, f, flen, entp);
b12001c0Stb			}
b12001c0Stb			io_str_buffer(b, file);
08ac1330Sjob			if (cert != NULL)
08ac1330Sjob				mtime = cert->notbefore;
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
6feb6ad0Sclaudio			c = (cert != NULL);
6feb6ad0Sclaudio			io_simple_buffer(b, &c, sizeof(int));
c94cf448Sclaudio			if (cert != NULL) {
c94cf448Sclaudio				cert->repoid = entp->repoid;
6feb6ad0Sclaudio				cert_buffer(b, cert);
c94cf448Sclaudio			}
6feb6ad0Sclaudio			/*
6feb6ad0Sclaudio			 * The parsed certificate data "cert" is now
6feb6ad0Sclaudio			 * managed in the "auths" table, so don't free
df512fbcSclaudio			 * it here.
6feb6ad0Sclaudio			 */
6feb6ad0Sclaudio			break;
6feb6ad0Sclaudio		case RTYPE_MFT:
08ac1330Sjob			file = proc_parser_mft(entp, &mft, &crlfile, &crlmtime);
df512fbcSclaudio			io_str_buffer(b, file);
08ac1330Sjob			if (mft != NULL)
08ac1330Sjob				mtime = mft->signtime;
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
6feb6ad0Sclaudio			c = (mft != NULL);
6feb6ad0Sclaudio			io_simple_buffer(b, &c, sizeof(int));
6feb6ad0Sclaudio			if (mft != NULL)
6feb6ad0Sclaudio				mft_buffer(b, mft);
e038f1a1Sclaudio
e038f1a1Sclaudio			/* Push valid CRL together with the MFT. */
e038f1a1Sclaudio			if (crlfile != NULL) {
e038f1a1Sclaudio				enum rtype type;
e038f1a1Sclaudio				struct ibuf *b2;
e038f1a1Sclaudio
e038f1a1Sclaudio				b2 = io_new_buffer();
e038f1a1Sclaudio				type = RTYPE_CRL;
e038f1a1Sclaudio				io_simple_buffer(b2, &type, sizeof(type));
e038f1a1Sclaudio				io_simple_buffer(b2, &entp->repoid,
e038f1a1Sclaudio				    sizeof(entp->repoid));
1fc2657fSclaudio				io_simple_buffer(b2, &entp->talid,
1fc2657fSclaudio				    sizeof(entp->talid));
e038f1a1Sclaudio				io_str_buffer(b2, crlfile);
08ac1330Sjob				io_simple_buffer(b2, &crlmtime,
08ac1330Sjob				    sizeof(crlmtime));
e038f1a1Sclaudio				free(crlfile);
e038f1a1Sclaudio
e038f1a1Sclaudio				io_close_buffer(msgq, b2);
e038f1a1Sclaudio			}
6feb6ad0Sclaudio			mft_free(mft);
6feb6ad0Sclaudio			break;
6feb6ad0Sclaudio		case RTYPE_ROA:
df512fbcSclaudio			file = parse_load_file(entp, &f, &flen);
df512fbcSclaudio			io_str_buffer(b, file);
0636c4d0Stb			roa = proc_parser_roa(file, f, flen, entp);
08ac1330Sjob			if (roa != NULL)
08ac1330Sjob				mtime = roa->signtime;
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
6feb6ad0Sclaudio			c = (roa != NULL);
6feb6ad0Sclaudio			io_simple_buffer(b, &c, sizeof(int));
6feb6ad0Sclaudio			if (roa != NULL)
6feb6ad0Sclaudio				roa_buffer(b, roa);
6feb6ad0Sclaudio			roa_free(roa);
6feb6ad0Sclaudio			break;
6feb6ad0Sclaudio		case RTYPE_GBR:
df512fbcSclaudio			file = parse_load_file(entp, &f, &flen);
df512fbcSclaudio			io_str_buffer(b, file);
0636c4d0Stb			gbr = proc_parser_gbr(file, f, flen, entp);
08ac1330Sjob			if (gbr != NULL)
08ac1330Sjob				mtime = gbr->signtime;
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
08ac1330Sjob			gbr_free(gbr);
6feb6ad0Sclaudio			break;
a29ddfd5Sjob		case RTYPE_ASPA:
a29ddfd5Sjob			file = parse_load_file(entp, &f, &flen);
a29ddfd5Sjob			io_str_buffer(b, file);
0636c4d0Stb			aspa = proc_parser_aspa(file, f, flen, entp);
08ac1330Sjob			if (aspa != NULL)
08ac1330Sjob				mtime = aspa->signtime;
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
a29ddfd5Sjob			c = (aspa != NULL);
a29ddfd5Sjob			io_simple_buffer(b, &c, sizeof(int));
a29ddfd5Sjob			if (aspa != NULL)
a29ddfd5Sjob				aspa_buffer(b, aspa);
a29ddfd5Sjob			aspa_free(aspa);
a29ddfd5Sjob			break;
ee2a33daSjob		case RTYPE_TAK:
ee2a33daSjob			file = parse_load_file(entp, &f, &flen);
ee2a33daSjob			io_str_buffer(b, file);
0636c4d0Stb			tak = proc_parser_tak(file, f, flen, entp);
08ac1330Sjob			if (tak != NULL)
08ac1330Sjob				mtime = tak->signtime;
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
08ac1330Sjob			tak_free(tak);
ee2a33daSjob			break;
d4be4cdeSjob		case RTYPE_SPL:
d4be4cdeSjob			file = parse_load_file(entp, &f, &flen);
d4be4cdeSjob			io_str_buffer(b, file);
9463abd5Stb			if (experimental) {
d4be4cdeSjob				spl = proc_parser_spl(file, f, flen, entp);
d4be4cdeSjob				if (spl != NULL)
d4be4cdeSjob					mtime = spl->signtime;
9463abd5Stb			} else {
9463abd5Stb				if (verbose > 0)
9463abd5Stb					warnx("%s: skipped", file);
9463abd5Stb				spl = NULL;
9463abd5Stb			}
d4be4cdeSjob			io_simple_buffer(b, &mtime, sizeof(mtime));
d4be4cdeSjob			c = (spl != NULL);
d4be4cdeSjob			io_simple_buffer(b, &c, sizeof(int));
d4be4cdeSjob			if (spl != NULL)
d4be4cdeSjob				spl_buffer(b, spl);
d4be4cdeSjob			spl_free(spl);
d4be4cdeSjob			break;
e038f1a1Sclaudio		case RTYPE_CRL:
6feb6ad0Sclaudio		default:
39c0924aSclaudio			file = parse_filepath(entp->repoid, entp->path,
39c0924aSclaudio			    entp->file, entp->location);
39c0924aSclaudio			io_str_buffer(b, file);
08ac1330Sjob			io_simple_buffer(b, &mtime, sizeof(mtime));
39c0924aSclaudio			warnx("%s: unhandled type %d", file, entp->type);
39c0924aSclaudio			break;
6feb6ad0Sclaudio		}
6feb6ad0Sclaudio
cabf3a3bSclaudio		free(f);
100ded9eSclaudio		free(file);
6feb6ad0Sclaudio		io_close_buffer(msgq, b);
6feb6ad0Sclaudio		entity_free(entp);
6feb6ad0Sclaudio	}
6feb6ad0Sclaudio}
6feb6ad0Sclaudio
eae58378Sclaudio/*
eae58378Sclaudio * Process responsible for parsing and validating content.
eae58378Sclaudio * All this process does is wait to be told about a file to parse, then
eae58378Sclaudio * it parses it and makes sure that the data being returned is fully
eae58378Sclaudio * validated and verified.
eae58378Sclaudio * The process will exit cleanly only when fd is closed.
eae58378Sclaudio */
eae58378Sclaudiovoid
eae58378Sclaudioproc_parser(int fd)
eae58378Sclaudio{
eae58378Sclaudio	struct entityq	 q;
25d36c5cSclaudio	struct msgbuf	*msgq;
eae58378Sclaudio	struct pollfd	 pfd;
6feb6ad0Sclaudio	struct entity	*entp;
7eb79a4aSclaudio	struct ibuf	*b, *inbuf = NULL;
eae58378Sclaudio
1db5fd2bSclaudio	/* Only allow access to the cache directory. */
1db5fd2bSclaudio	if (unveil(".", "r") == -1)
1db5fd2bSclaudio		err(1, "unveil cachedir");
1db5fd2bSclaudio	if (pledge("stdio rpath", NULL) == -1)
1db5fd2bSclaudio		err(1, "pledge");
1db5fd2bSclaudio
eae58378Sclaudio	ERR_load_crypto_strings();
eae58378Sclaudio	OpenSSL_add_all_ciphers();
eae58378Sclaudio	OpenSSL_add_all_digests();
4bccd3c1Sclaudio	x509_init_oid();
891d6bceSjob	constraints_parse();
eae58378Sclaudio
eae58378Sclaudio	if ((ctx = X509_STORE_CTX_new()) == NULL)
c0528901Stb		err(1, "X509_STORE_CTX_new");
318f0572Sjob	if ((bn_ctx = BN_CTX_new()) == NULL)
318f0572Sjob		err(1, "BN_CTX_new");
eae58378Sclaudio
eae58378Sclaudio	TAILQ_INIT(&q);
eae58378Sclaudio
*b5fa5d51Sclaudio	if ((msgq = msgbuf_new_reader(sizeof(size_t), io_parse_hdr, NULL)) ==
*b5fa5d51Sclaudio	    NULL)
25d36c5cSclaudio		err(1, NULL);
eae58378Sclaudio
eae58378Sclaudio	pfd.fd = fd;
eae58378Sclaudio
eae58378Sclaudio	for (;;) {
eae58378Sclaudio		pfd.events = POLLIN;
25d36c5cSclaudio		if (msgbuf_queuelen(msgq) > 0)
eae58378Sclaudio			pfd.events |= POLLOUT;
eae58378Sclaudio
7ba5db23Sclaudio		if (poll(&pfd, 1, INFTIM) == -1) {
7ba5db23Sclaudio			if (errno == EINTR)
7ba5db23Sclaudio				continue;
eae58378Sclaudio			err(1, "poll");
7ba5db23Sclaudio		}
eae58378Sclaudio		if ((pfd.revents & (POLLERR|POLLNVAL)))
eae58378Sclaudio			errx(1, "poll: bad descriptor");
eae58378Sclaudio
eae58378Sclaudio		/* If the parent closes, return immediately. */
eae58378Sclaudio
eae58378Sclaudio		if ((pfd.revents & POLLHUP))
eae58378Sclaudio			break;
eae58378Sclaudio
eae58378Sclaudio		if ((pfd.revents & POLLIN)) {
*b5fa5d51Sclaudio			switch (ibuf_read(fd, msgq)) {
*b5fa5d51Sclaudio			case -1:
*b5fa5d51Sclaudio				err(1, "ibuf_read");
*b5fa5d51Sclaudio			case 0:
*b5fa5d51Sclaudio				errx(1, "ibuf_read: connection closed");
*b5fa5d51Sclaudio			}
*b5fa5d51Sclaudio			while ((b = io_buf_get(msgq)) != NULL) {
eae58378Sclaudio				entp = calloc(1, sizeof(struct entity));
eae58378Sclaudio				if (entp == NULL)
eae58378Sclaudio					err(1, NULL);
7eb79a4aSclaudio				entity_read_req(b, entp);
eae58378Sclaudio				TAILQ_INSERT_TAIL(&q, entp, entries);
7eb79a4aSclaudio				ibuf_free(b);
7eb79a4aSclaudio			}
eae58378Sclaudio		}
eae58378Sclaudio
eae58378Sclaudio		if (pfd.revents & POLLOUT) {
25d36c5cSclaudio			if (msgbuf_write(fd, msgq) == -1) {
9aadc625Sclaudio				if (errno == EPIPE)
eae58378Sclaudio					errx(1, "write: connection closed");
9aadc625Sclaudio				else
eae58378Sclaudio					err(1, "write");
eae58378Sclaudio			}
eae58378Sclaudio		}
eae58378Sclaudio
25d36c5cSclaudio		parse_entity(&q, msgq);
eae58378Sclaudio	}
eae58378Sclaudio
eae58378Sclaudio	while ((entp = TAILQ_FIRST(&q)) != NULL) {
eae58378Sclaudio		TAILQ_REMOVE(&q, entp, entries);
eae58378Sclaudio		entity_free(entp);
eae58378Sclaudio	}
eae58378Sclaudio
91176c18Sjob	auth_tree_free(&auths);
91176c18Sjob	crl_tree_free(&crlt);
eae58378Sclaudio
eae58378Sclaudio	X509_STORE_CTX_free(ctx);
318f0572Sjob	BN_CTX_free(bn_ctx);
318f0572Sjob
25d36c5cSclaudio	msgbuf_free(msgq);
91176c18Sjob	ibuf_free(inbuf);
91176c18Sjob
1d8c6443Stb	if (certid > CERTID_MAX)
1d8c6443Stb		errx(1, "processing incomplete: too many certificates");
1d8c6443Stb
6feb6ad0Sclaudio	exit(0);
eae58378Sclaudio}