From 57424ee8727ad2925722cfda0266a259aa39fa67 Mon Sep 17 00:00:00 2001
From: Alberto Leiva Popper
Date: Wed, 15 May 2024 17:22:41 -0600
Subject: [PATCH] Fix TODO: Choose a X509V3_EXT_print() flag
X509V3_EXT_print() was being summoned to print extensions unrelated to RPKI. The TODO wanted me to pick a suitable flag for extensions unknown even to libcrypto. For reference, this is how X509V3_EXT_print() prints an AIA, as a known extension: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer This is how X509V3_EXT_print() prints the same AIA, as an unknown extension, X509V3_EXT_PARSE_UNKNOWN enabled: 0:d=0 hl=2 l= 82 cons: SEQUENCE 2:d=1 hl=2 l= 80 cons: SEQUENCE 4:d=2 hl=2 l= 8 prim: OBJECT :CA Issuers 14:d=2 hl=2 l= 68 prim: cont [ 6 ] This is how X509V3_EXT_print() prints the same AIA, as an unknown extension, X509V3_EXT_DUMP_UNKNOWN enabled: 0000 - 30 52 30 50 06 08 2b 06-01 05 05 07 30 02 86 44 0R0P..+.....0..D 0010 - 72 73 79 6e 63 3a 2f 2f-72 70 6b 69 2e 72 69 70 rsync://rpki.rip 0020 - 65 2e 6e 65 74 2f 72 65-70 6f 73 69 74 6f 72 79 e.net/repository 0030 - 2f 61 63 61 2f 4b 70 53-6f 33 56 56 4b 35 77 45 /aca/KpSo3VVK5wE 0040 - 48 49 4a 6e 48 43 32 51-48 56 56 33 64 35 6d 6b HIJnHC2QHVV3d5mk 0050 - 2e 63 65 72 .cer Eh. These are good and all, but they mess up the JSON, so I decided to dump these as octet strings instead: 3052305006082b0601050507300286447273796e633a2f2f72706b692e726970 652e6e65742f7265706f7369746f72792f6163612f4b70536f3356564b357745 48494a6e484332514856563364356d6b2e636572
---
 src/libcrypto_util.c | 12 +-----------
 src/print_file.c | 8 --------
 2 files changed, 1 insertion(+), 19 deletions(-)
diff --git a/src/libcrypto_util.c b/src/libcrypto_util.c
index 9f082b3d..3717ae11 100644
--- a/src/libcrypto_util.c
+++ b/src/libcrypto_util.c
@@ -216,17 +216,7 @@ ext2json_known(struct extension_metadata const *meta, X509_EXTENSION *ext)
 static json_t *
 ext2json_unknown(X509_EXTENSION *ext)
 {
- BIO *bio = BIO_new(BIO_s_mem());
- if (bio == NULL)
- return NULL;
-
- /* TODO Those flags are kinda interesting */
- if (!X509V3_EXT_print(bio, ext, 0, 0)) {
- BIO_free_all(bio);
- return NULL;
- }
-
- return bio2json(bio);
+ return asn1str2json(X509_EXTENSION_get_data(ext));
 }
 static json_t *
diff --git a/src/print_file.c b/src/print_file.c
index 06ce5438..57eb6048 100644
--- a/src/print_file.c
+++ b/src/print_file.c
@@ -199,10 +199,8 @@ bio2ci(BIO *bio)
 struct ContentInfo *ci = NULL;
 unsigned char buffer[BUFFER_SIZE];
 size_t consumed;
-// bool eof;
 asn_dec_rval_t res;
-// eof = false;
 do {
 if (!BIO_read_ex(bio, buffer, BUFFER_SIZE, &consumed)) {
 op_crypto_err("IO error.");
@@ -215,15 +213,9 @@ bio2ci(BIO *bio)
 switch (res.code) {
 case RC_OK:
-// if (!buf->eof)
-// pr_op_warn("File has trailing bytes.");
 return ci;
 case RC_WMORE:
-// if (buf->eof) {
-// pr_op_err("File ended prematurely.");
-// return NULL;
-// }
 break;
 case RC_FAIL:
--
2.47.3
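Review bot: In src/libcrypto_util.c, ext2json_unknown() now has no comment saying why an extension libcrypto does not recognise is emitted as a hex string instead of going through X509V3_EXT_print(); that reasoning exists only in the commit message. A comment above the new return line would keep it with the code, for example `/* Unknown to libcrypto: dump the raw extension value as hex. X509V3_EXT_print() with X509V3_EXT_PARSE_UNKNOWN or X509V3_EXT_DUMP_UNKNOWN emits multi-line text that messes up the JSON. */`. asn1str2json() is not visible in this hunk, so it is worth confirming that it hex-encodes every byte and copes with a zero-length value, because the extension content comes from the file being printed and should be treated as untrusted.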