From cc11b620e06e602a1b325534b22532ba9a2d7828 Mon Sep 17 00:00:00 2001
From: Alberto Leiva Popper
Date: Tue, 23 Feb 2021 11:42:38 -0600
Subject: [PATCH] Improve NID retrieval/registration

Curiously, old code used to assume the RPKI objects would never be added to Libre/OpenSSL. New code handles the objects already existing. Attempts to fix #48; untested still.
---
 src/nid.c | 80 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 44 insertions(+), 36 deletions(-)

diff --git a/src/nid.c b/src/nid.c
index d3ac3b55..55ca690e 100644
--- a/src/nid.c
+++ b/src/nid.c
@@ -5,25 +5,33 @@
 #include "log.h"
-static int NID_rpkiManifest;
-static int NID_signedObject;
-static int NID_rpkiNotify;
-static int NID_certPolicyRpki;
-static int NID_certPolicyRpkiV2;
-static int NID_ipAddrBlocksv2;
-static int NID_autonomousSysIdsv2;
-static int NID_bgpsecRouter;
+static int rpki_manifest_nid;
+static int signed_object_nid;
+static int rpki_notify_nid;
+static int cert_policy_rpki_nid;
+static int cert_policy_rpki_v2_nid;
+static int ip_addr_blocks_v2_nid;
+static int autonomous_sys_ids_v2_nid;
+static int bgpsec_router_nid;
 static int
 register_oid(const char *oid, const char *sn, const char *ln)
 {
 int nid;
- nid = OBJ_create(oid, sn, ln);
- if (nid == 0)
- return op_crypto_err("Unable to register the %s NID.", sn);
+ /* Note: Object has to be registered for OBJ_txt2nid to work. */
+ nid = OBJ_txt2nid(oid);
+ if (nid == NID_undef) {
+ /* Note: Implicit object registration happens in OBJ_create. */
+ nid = OBJ_create(oid, sn, ln);
+ if (nid == 0)
+ return op_crypto_err("Unable to register the %s NID.", sn);
+ pr_op_debug("%s registered. Its nid is %d.", sn, nid);
+
+ } else {
+ pr_op_debug("%s retrieved. Its nid is %d.", sn, nid);
+ }
- pr_op_debug("%s registered. Its nid is %d.", sn, nid);
 return nid;
 }
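Review bot: The failure path in register_oid still returns the result of `op_crypto_err(...)`, while every caller in nid_init (next hunk) treats only `0` as failure. op_crypto_err is not defined in this patch; if it returns a nonzero error code, as its use as a return value suggests, a failed OBJ_create would be stored as a NID and nid_init would report success, leaving later NID comparisons to run against an invalid value. Making the failure value explicit avoids depending on that: `if (nid == NID_undef) { op_crypto_err("Unable to register the %s NID.", sn); return NID_undef; }`. Using `NID_undef` for the inner check as well, rather than `0`, keeps the sentinel spelled one way within the function.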
@@ -34,52 +42,52 @@ register_oid(const char *oid, const char *sn, const char *ln)
 int nid_init(void)
 {
- NID_rpkiManifest = register_oid("1.3.6.1.5.5.7.48.10",
+ rpki_manifest_nid = register_oid("1.3.6.1.5.5.7.48.10",
 "rpkiManifest",
 "RPKI Manifest (RFC 6487)");
- if (NID_rpkiManifest == 0)
+ if (rpki_manifest_nid == 0)
 return -EINVAL;
- NID_signedObject = register_oid("1.3.6.1.5.5.7.48.11",
+ signed_object_nid = register_oid("1.3.6.1.5.5.7.48.11",
 "signedObject",
 "RPKI Signed Object (RFC 6487)");
- if (NID_signedObject == 0)
+ if (signed_object_nid == 0)
 return -EINVAL;
- NID_rpkiNotify = register_oid("1.3.6.1.5.5.7.48.13",
+ rpki_notify_nid = register_oid("1.3.6.1.5.5.7.48.13",
 "rpkiNotify",
 "RPKI Update Notification File (RFC 8182)");
- if (NID_rpkiNotify == 0)
+ if (rpki_notify_nid == 0)
 return -EINVAL;
- NID_certPolicyRpki = register_oid("1.3.6.1.5.5.7.14.2",
+ cert_policy_rpki_nid = register_oid("1.3.6.1.5.5.7.14.2",
 "id-cp-ipAddr-asNumber (RFC 6484)",
 "Certificate Policy (CP) for the Resource PKI (RPKI)");
- if (NID_certPolicyRpki == 0)
+ if (cert_policy_rpki_nid == 0)
 return -EINVAL;
- NID_certPolicyRpkiV2 = register_oid("1.3.6.1.5.5.7.14.3",
+ cert_policy_rpki_v2_nid = register_oid("1.3.6.1.5.5.7.14.3",
 "id-cp-ipAddr-asNumber-v2 (RFC 8360)",
 "Certificate Policy for Use with Validation Reconsidered in the RPKI");
- if (NID_certPolicyRpkiV2 == 0)
+ if (cert_policy_rpki_v2_nid == 0)
 return -EINVAL;
- NID_ipAddrBlocksv2 = register_oid("1.3.6.1.5.5.7.1.28",
+ ip_addr_blocks_v2_nid = register_oid("1.3.6.1.5.5.7.1.28",
 "id-pe-ipAddrBlocks-v2",
 "Amended IP Resources (RFC 8360)");
- if (NID_ipAddrBlocksv2 == 0)
+ if (ip_addr_blocks_v2_nid == 0)
 return -EINVAL;
- NID_autonomousSysIdsv2 = register_oid("1.3.6.1.5.5.7.1.29",
+ autonomous_sys_ids_v2_nid = register_oid("1.3.6.1.5.5.7.1.29",
 "id-pe-autonomousSysIds-v2",
 "Amended AS Resources (RFC 8360)");
- if (NID_autonomousSysIdsv2 == 0)
+ if (autonomous_sys_ids_v2_nid == 0)
 return -EINVAL;
- NID_bgpsecRouter = register_oid("1.3.6.1.5.5.7.3.30",
+ bgpsec_router_nid = register_oid("1.3.6.1.5.5.7.3.30",
 "id-kp-bgpsec-router",
 "BGPsec Extended Key Usage (RFC 8209)");
- if (NID_bgpsecRouter == 0)
+ if (bgpsec_router_nid == 0)
 return -EINVAL;
 return 0;
@@ -93,40 +101,40 @@ nid_destroy(void)
 int nid_rpkiManifest(void)
 {
- return NID_rpkiManifest;
+ return rpki_manifest_nid;
 }
 int nid_signedObject(void)
 {
- return NID_signedObject;
+ return signed_object_nid;
 }
 int nid_rpkiNotify(void)
 {
- return NID_rpkiNotify;
+ return rpki_notify_nid;
 }
 int nid_certPolicyRpki(void)
 {
- return NID_certPolicyRpki;
+ return cert_policy_rpki_nid;
 }
 int nid_certPolicyRpkiV2(void)
 {
- return NID_certPolicyRpkiV2;
+ return cert_policy_rpki_v2_nid;
 }
 int nid_ipAddrBlocksv2(void)
 {
- return NID_ipAddrBlocksv2;
+ return ip_addr_blocks_v2_nid;
 }
 int nid_autonomousSysIdsv2(void)
 {
- return NID_autonomousSysIdsv2;
+ return autonomous_sys_ids_v2_nid;
 }
 int nid_bgpsecRouter(void)
 {
- return NID_bgpsecRouter;
+ return bgpsec_router_nid;
 }
--
2.47.2