Normalize the nid printing

OBJ_nid2* can return NULL if the gloriously consistent objects.txt
database doesn't specify a long or a short name. So try the long name
first, fall back to the short name, and if both fail, use "unknown".
Always include the nid as a decimal.

ok claudio

diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 9e113ce..e528e92 100644 (file)
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cert.c,v 1.122 2024/01/11 11:55:14 job Exp $ */
+/*     $OpenBSD: cert.c,v 1.123 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Job Snijders <job@openbsd.org>
@@ -647,7 +647,7 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext)
 
        if ((nid = OBJ_obj2nid(qualifier->pqualid)) != NID_id_qt_cps) {
                warnx("%s: RFC 7318 section 2: certificatePolicies: "
-                   "want CPS, got %d (%s)", p->fn, nid, OBJ_nid2sn(nid));
+                   "want CPS, got %s", p->fn, nid2str(nid));
                goto out;
        }
 
@@ -794,8 +794,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
                        warnx("%s: P-256 support is experimental", fn);
        } else if (nid != NID_sha256WithRSAEncryption) {
                warnx("%s: RFC 7935: wrong signature algorithm %s, want %s",
-                   fn, OBJ_nid2ln(nid),
-                   OBJ_nid2ln(NID_sha256WithRSAEncryption));
+                   fn, nid2str(nid), LN_sha256WithRSAEncryption);
                goto out;
        }
 
@@ -970,8 +969,8 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len)
        return p.res;
 
  dup:
-       warnx("%s: RFC 5280 section 4.2: duplicate %s extension", fn,
-           OBJ_nid2sn(nid));
+       warnx("%s: RFC 5280 section 4.2: duplicate extension: %s", fn,
+           nid2str(nid));
  out:
        cert_free(p.res);
        X509_free(x);

diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index 145f250..8b9485c 100644 (file)
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cms.c,v 1.41 2023/12/10 14:18:23 job Exp $ */
+/*     $OpenBSD: cms.c,v 1.42 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -259,7 +259,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
        nid = OBJ_obj2nid(obj);
        if (nid != NID_sha256) {
                warnx("%s: RFC 6488: wrong digest %s, want %s", fn,
-                   OBJ_nid2ln(nid), OBJ_nid2ln(NID_sha256));
+                   nid2str(nid), LN_sha256);
                goto out;
        }
        X509_ALGOR_get0(&obj, NULL, NULL, psig);
@@ -271,7 +271,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der,
        } else if (nid != NID_rsaEncryption &&
            nid != NID_sha256WithRSAEncryption) {
                warnx("%s: RFC 6488: wrong signature algorithm %s, want %s",
-                   fn, OBJ_nid2ln(nid), OBJ_nid2ln(NID_rsaEncryption));
+                   fn, nid2str(nid), LN_rsaEncryption);
                goto out;
        }
 

diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index 4b213a5..6ea5925 100644 (file)
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: crl.c,v 1.31 2024/01/18 14:34:26 job Exp $ */
+/*     $OpenBSD: crl.c,v 1.32 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -68,8 +68,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len)
                        warnx("%s: P-256 support is experimental", fn);
        } else if (nid != NID_sha256WithRSAEncryption) {
                warnx("%s: RFC 7935: wrong signature algorithm %s, want %s",
-                   fn, OBJ_nid2ln(nid),
-                   OBJ_nid2ln(NID_sha256WithRSAEncryption));
+                   fn, nid2str(nid), LN_sha256WithRSAEncryption);
                goto out;
        }
 

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 9912ebc..0264ce6 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.201 2024/01/31 06:57:21 tb Exp $ */
+/*     $OpenBSD: extern.h,v 1.202 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -861,6 +861,7 @@ int          x509_valid_subject(const char *, const X509 *);
 time_t          x509_find_expires(time_t, struct auth *, struct crl_tree *);
 
 /* printers */
+char           *nid2str(int);
 char           *time2str(time_t);
 void            x509_print(const X509 *);
 void            tal_print(const struct tal *);

diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c
index 03112fe..9395cd0 100644 (file)
--- a/usr.sbin/rpki-client/print.c
+++ b/usr.sbin/rpki-client/print.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: print.c,v 1.45 2024/01/18 14:34:26 job Exp $ */
+/*     $OpenBSD: print.c,v 1.46 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -49,6 +49,22 @@ pretty_key_id(const char *hex)
        return buf;
 }
 
+char *
+nid2str(int nid)
+{
+       static char buf[128];
+       const char *name;
+
+       if ((name = OBJ_nid2ln(nid)) == NULL)
+               name = OBJ_nid2sn(nid);
+       if (name == NULL)
+               name = "unknown";
+
+       snprintf(buf, sizeof(buf), "nid %d (%s)", nid, name);
+
+       return buf;
+}
+
 char *
 time2str(time_t t)
 {

diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c
index 0b4cfaa..c0c4ee5 100644 (file)
--- a/usr.sbin/rpki-client/validate.c
+++ b/usr.sbin/rpki-client/validate.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: validate.c,v 1.70 2024/01/07 09:48:03 tb Exp $ */
+/*     $OpenBSD: validate.c,v 1.71 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -665,7 +665,7 @@ valid_ca_pkey_ec(const char *fn, EVP_PKEY *pkey)
        nid = EC_GROUP_get_curve_name(group);
        if (nid != NID_X9_62_prime256v1) {
                if ((cname = EC_curve_nid2nist(nid)) == NULL)
-                       cname = OBJ_nid2sn(nid);
+                       cname = nid2str(nid);
                warnx("%s: Expected P-256, got %s", fn, cname);
                return 0;
        }

diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 38b1e5d..dd0f330 100644 (file)
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509.c,v 1.76 2024/01/31 15:01:13 job Exp $ */
+/*     $OpenBSD: x509.c,v 1.77 2024/02/01 15:11:38 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -362,7 +362,7 @@ x509_get_pubkey(X509 *x, const char *fn)
        nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
        if (nid != NID_X9_62_prime256v1) {
                if ((cname = EC_curve_nid2nist(nid)) == NULL)
-                       cname = OBJ_nid2sn(nid);
+                       cname = nid2str(nid);
                warnx("%s: Expected P-256, got %s", fn, cname);
                goto out;
        }
@@ -955,8 +955,8 @@ x509_valid_subject(const char *fn, const X509 *x)
                        warnx("%s: OBJ_obj2nid failed", fn);
                        return 0;
                default:
-                       warnx("%s: RFC 6487 section 4.5: unexpected attribute "
-                           "%d (%s)", fn, nid, OBJ_nid2ln(nid));
+                       warnx("%s: RFC 6487 section 4.5: unexpected attribute"
+                           " %s", fn, nid2str(nid));
                        return 0;
                }
        }