-# $OpenBSD: Makefile,v 1.31 2023/06/12 14:56:38 claudio Exp $
+# $OpenBSD: Makefile,v 1.32 2023/06/29 10:28:25 tb Exp $
PROG= rpki-client
SRCS= as.c aspa.c cert.c cms.c crl.c encoding.c filemode.c gbr.c geofeed.c \
- http.c io.c ip.c json.c log.c main.c mft.c mkdir.c ometric.c output.c \
+ http.c io.c ip.c json.c main.c mft.c mkdir.c ometric.c output.c \
output-bgpd.c output-bird.c output-csv.c output-json.c \
output-ometric.c parser.c print.c repo.c roa.c rrdp.c rrdp_delta.c \
rrdp_notification.c rrdp_snapshot.c rrdp_util.c rsc.c rsync.c tak.c \
-/* $OpenBSD: cert.c,v 1.113 2023/06/24 04:15:14 tb Exp $ */
+/* $OpenBSD: cert.c,v 1.114 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2021 Job Snijders <job@openbsd.org>
int i, rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
- cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
+ warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"extension not critical", p->fn);
goto out;
}
if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) {
- cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
+ warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
"failed extension parse", p->fn);
goto out;
}
int i, j, rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
- cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
+ warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"extension not critical", p->fn);
goto out;
}
if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) {
- cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
+ warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
"failed extension parse", p->fn);
goto out;
}
}
if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
- cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
- "failed extension parse", p->fn);
+ warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse",
+ p->fn);
goto out;
}
int rc = 0;
if (!X509_EXTENSION_get_critical(ext)) {
- cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
+ warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"extension not critical", p->fn);
goto out;
}
if ((policies = X509V3_EXT_d2i(ext)) == NULL) {
- cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
+ warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
"failed extension parse", p->fn);
goto out;
}
}
if (!X509_up_ref(x)) {
- cryptowarnx("%s: X509_up_ref failed", fn);
+ warnx("%s: X509_up_ref failed", fn);
goto out;
}
oder = der;
if ((x = d2i_X509(NULL, &der, len)) == NULL) {
- cryptowarnx("%s: d2i_X509", p.fn);
+ warnx("%s: d2i_X509", p.fn);
goto out;
}
if (der != oder + len) {
/* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(x, -1, -1) <= 0) {
- cryptowarnx("%s: could not cache X509v3 extensions", p.fn);
+ warnx("%s: could not cache X509v3 extensions", p.fn);
goto out;
}
X509_get0_signature(NULL, &palg, x);
if (palg == NULL) {
- cryptowarnx("%s: X509_get0_signature", p.fn);
+ warnx("%s: X509_get0_signature", p.fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);
/* Look for X509v3 extensions. */
if ((extsz = X509_get_ext_count(x)) < 0)
- cryptoerrx("X509_get_ext_count");
+ errx(1, "X509_get_ext_count");
for (i = 0; i < (size_t)extsz; i++) {
ext = X509_get_ext(x, i);
/* first check pubkey against the one from the TAL */
pk = d2i_PUBKEY(NULL, &pkey, pkeysz);
if (pk == NULL) {
- cryptowarnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
+ warnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
goto badcert;
}
if ((opk = X509_get0_pubkey(p->x509)) == NULL) {
- cryptowarnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
+ warnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
goto badcert;
}
if (EVP_PKEY_cmp(pk, opk) != 1) {
- cryptowarnx("%s: RFC 6487 (trust anchor): "
+ warnx("%s: RFC 6487 (trust anchor): "
"pubkey does not match TAL pubkey", fn);
goto badcert;
}
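Review bot: Swapping cryptowarnx() for warnx() at the d2i_X509, X509V3_EXT_d2i and d2i_PUBKEY failure sites leaves libcrypto's per-thread error queue undrained, because the removed implementation consumed it with ERR_get_error() and none of the new call sites clears it. The queue is a bounded ring so this is not a leak, but entries from a rejected object can now survive into the processing of later objects and be misattributed if anything else reports them. Consider an `ERR_clear_error();` at the start of each per-object parse entry point (the opening of the function containing the d2i_X509 call lies outside this section), or at the parser's per-file dispatch if that is where errors are reported. The same applies to the warnx() replacements in cms.c, crl.c, mft.c, roa.c, rsc.c, tak.c and tal.c in this commit. Operators also lose the ASN.1 reason behind a "d2i_X509" rejection; if that detail is still wanted for triage of malformed repository objects, a single `ERR_reason_error_string(ERR_peek_last_error())` in the message would retain it without the old multi-line trace.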
-/* $OpenBSD: cms.c,v 1.37 2023/06/20 02:46:18 job Exp $ */
+/* $OpenBSD: cms.c,v 1.38 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
oder = der;
if ((cms = d2i_CMS_ContentInfo(NULL, &der, len)) == NULL) {
- cryptowarnx("%s: RFC 6488: failed CMS parse", fn);
+ warnx("%s: RFC 6488: failed CMS parse", fn);
goto out;
}
if (der != oder + len) {
*/
if (!CMS_verify(cms, NULL, NULL, bio, NULL,
CMS_NO_SIGNER_CERT_VERIFY)) {
- cryptowarnx("%s: CMS verification error", fn);
+ warnx("%s: CMS verification error", fn);
goto out;
}
goto out;
}
if (sk_CMS_SignerInfo_num(sinfos) != 1) {
- cryptowarnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
+ warnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
goto out;
}
si = sk_CMS_SignerInfo_value(sinfos, 0);
nattrs = CMS_signed_get_attr_count(si);
if (nattrs <= 0) {
- cryptowarnx("%s: RFC 6488: error extracting signedAttrs", fn);
+ warnx("%s: RFC 6488: error extracting signedAttrs", fn);
goto out;
}
for (i = 0; i < nattrs; i++) {
attr = CMS_signed_get_attr(si, i);
if (attr == NULL || X509_ATTRIBUTE_count(attr) != 1) {
- cryptowarnx("%s: RFC 6488: "
- "bad signed attribute encoding", fn);
+ warnx("%s: RFC 6488: bad signed attribute encoding",
+ fn);
goto out;
}
obj = X509_ATTRIBUTE_get0_object(attr);
if (obj == NULL) {
- cryptowarnx("%s: RFC 6488: bad signed attribute", fn);
+ warnx("%s: RFC 6488: bad signed attribute", fn);
goto out;
}
if (OBJ_cmp(obj, cnt_type_oid) == 0) {
if (has_ct++ != 0) {
- cryptowarnx("%s: RFC 6488: duplicate "
+ warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
} else if (OBJ_cmp(obj, msg_dgst_oid) == 0) {
if (has_md++ != 0) {
- cryptowarnx("%s: RFC 6488: duplicate "
+ warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
} else if (OBJ_cmp(obj, sign_time_oid) == 0) {
if (has_st++ != 0) {
- cryptowarnx("%s: RFC 6488: duplicate "
+ warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
goto out;
} else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) {
if (has_bst++ != 0) {
- cryptowarnx("%s: RFC 6488: duplicate "
+ warnx("%s: RFC 6488: duplicate "
"signed attribute", fn);
goto out;
}
} else {
OBJ_obj2txt(buf, sizeof(buf), obj, 1);
- cryptowarnx("%s: RFC 6488: "
+ warnx("%s: RFC 6488: "
"CMS has unexpected signed attribute %s",
fn, buf);
goto out;
}
if (!has_ct || !has_md) {
- cryptowarnx("%s: RFC 6488: CMS missing required "
+ warnx("%s: RFC 6488: CMS missing required "
"signed attribute", fn);
goto out;
}
warnx("%s: missing CMS signing-time attribute", fn);
if (CMS_unsigned_get_attr_count(si) != -1) {
- cryptowarnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
+ warnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
goto out;
}
crls = CMS_get1_crls(cms);
if (crls != NULL) {
sk_X509_CRL_pop_free(crls, X509_CRL_free);
- cryptowarnx("%s: RFC 6488: CMS has CRLs", fn);
+ warnx("%s: RFC 6488: CMS has CRLs", fn);
goto out;
}
/* Cache X509v3 extensions, see X509_check_ca(3). */
if (X509_check_purpose(*xp, -1, -1) <= 0) {
- cryptowarnx("%s: could not cache X509v3 extensions", fn);
+ warnx("%s: could not cache X509v3 extensions", fn);
goto out;
}
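Review bot: The CMS_verify failure is the one site in this section where the dropped libcrypto trace carried security-relevant signal, since "CMS verification error" no longer distinguishes a bad signature from a digest mismatch or an unsupported algorithm. If that distinction matters for operators, keep the last reason without reviving the trace loop: `const char *reason = ERR_reason_error_string(ERR_peek_last_error());` followed by `warnx("%s: CMS verification error%s%s", fn, reason != NULL ? ": " : "", reason != NULL ? reason : "");` — the NULL check is needed because ERR_reason_error_string() returns NULL for codes without a registered string. The function enclosing the CMS_verify call begins and ends outside this section, so where its error queue is cleared cannot be checked from here.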
-/* $OpenBSD: crl.c,v 1.26 2023/06/20 12:48:32 job Exp $ */
+/* $OpenBSD: crl.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
oder = der;
if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) {
- cryptowarnx("%s: d2i_X509_CRL", fn);
+ warnx("%s: d2i_X509_CRL", fn);
goto out;
}
if (der != oder + len) {
X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
if (palg == NULL) {
- cryptowarnx("%s: X509_CRL_get0_signature", fn);
+ warnx("%s: X509_CRL_get0_signature", fn);
goto out;
}
X509_ALGOR_get0(&cobj, NULL, NULL, palg);
-/* $OpenBSD: extern.h,v 1.186 2023/06/26 18:39:53 job Exp $ */
+/* $OpenBSD: extern.h,v 1.187 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
void rrdp_abort(unsigned int);
void rrdp_http_done(unsigned int, enum http_result, const char *);
-/* Logging (though really used for OpenSSL errors). */
-
-void cryptowarnx(const char *, ...)
- __attribute__((format(printf, 1, 2)));
-void cryptoerrx(const char *, ...)
- __attribute__((format(printf, 1, 2)))
- __attribute__((noreturn));
-
/* Encoding functions for hex and base64. */
unsigned char *load_file(const char *, size_t *);
-/* $OpenBSD: filemode.c,v 1.33 2023/05/30 16:02:28 job Exp $ */
+/* $OpenBSD: filemode.c,v 1.34 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL)
- cryptoerrx("X509_STORE_CTX_new");
+ err(1, "X509_STORE_CTX_new");
TAILQ_INIT(&q);
msgbuf_init(&msgq);
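Review bot: `err(1, "X509_STORE_CTX_new")` appends strerror(errno) to a libcrypto failure, but libcrypto does not guarantee errno is set or preserved on that path, so the message may carry an unrelated or stale errno text. The rest of this commit uses errx() for the same kind of failure (X509_get_ext_count in cert.c, X509_STORE_CTX_get0_param in validate.c), so `errx(1, "X509_STORE_CTX_new");` would be consistent. The same err()-vs-errx() choice appears at the X509_STORE_CTX_new call in parser.c and at the X509_STORE_CTX_init, OBJ_dup and X509_VERIFY_PARAM_add0_policy calls in validate.c; if errno is deliberately wanted for the allocation-only failures, a short comment saying so at the first site would stop the next reader from "fixing" it.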
+++ /dev/null
-/* $OpenBSD: log.c,v 1.6 2020/09/12 15:46:48 claudio Exp $ */
-/*
- * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <err.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdint.h>
-
-#include <openssl/err.h>
-
-#include "extern.h"
-
-/*
- * Print the chain of openssl errors that led to the current one.
- * This should only be invoked in the event that OpenSSL fails with
- * something.
- * It's followed by the (optional) given error message, then terminates.
- */
-void
-cryptoerrx(const char *fmt, ...)
-{
- unsigned long er;
- char buf[BUFSIZ];
- va_list ap;
-
- while ((er = ERR_get_error()) > 0) {
- ERR_error_string_n(er, buf, sizeof(buf));
- warnx(" ...trace: %s", buf);
- }
-
- if (fmt != NULL) {
- va_start(ap, fmt);
- vwarnx(fmt, ap);
- va_end(ap);
- }
-
- exit(1);
-}
-
-/*
- * Like cryptoerrx(), but without exiting.
- */
-void
-cryptowarnx(const char *fmt, ...)
-{
- unsigned long er;
- char buf[BUFSIZ];
- va_list ap;
-
- while ((er = ERR_get_error()) > 0) {
- ERR_error_string_n(er, buf, sizeof(buf));
- warnx(" ...trace: %s", buf);
- }
-
- if (fmt != NULL) {
- va_start(ap, fmt);
- vwarnx(fmt, ap);
- va_end(ap);
- }
-}
-/* $OpenBSD: mft.c,v 1.95 2023/06/20 12:39:50 job Exp $ */
+/* $OpenBSD: mft.c,v 1.96 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
int i, rc = 0;
if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) {
- cryptowarnx("%s: RFC 6486 section 4: failed to parse Manifest",
+ warnx("%s: RFC 6486 section 4: failed to parse Manifest",
p->fn);
goto out;
}
-/* $OpenBSD: parser.c,v 1.96 2023/05/30 16:02:28 job Exp $ */
+/* $OpenBSD: parser.c,v 1.97 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
x509_init_oid();
if ((ctx = X509_STORE_CTX_new()) == NULL)
- cryptoerrx("X509_STORE_CTX_new");
+ err(1, "X509_STORE_CTX_new");
TAILQ_INIT(&q);
-/* $OpenBSD: roa.c,v 1.68 2023/06/07 10:46:34 job Exp $ */
+/* $OpenBSD: roa.c,v 1.69 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
int i, j, rc = 0;
if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
- cryptowarnx("%s: RFC 6482 section 3: failed to parse "
+ warnx("%s: RFC 6482 section 3: failed to parse "
"RouteOriginAttestation", p->fn);
goto out;
}
-/* $OpenBSD: rsc.c,v 1.26 2023/06/07 10:46:34 job Exp $ */
+/* $OpenBSD: rsc.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2022 Job Snijders <job@fastly.com>
*/
if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
- cryptowarnx("%s: RSC: failed to parse RpkiSignedChecklist",
- p->fn);
+ warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn);
goto out;
}
-/* $OpenBSD: tak.c,v 1.10 2023/06/20 12:39:50 job Exp $ */
+/* $OpenBSD: tak.c,v 1.11 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2022 Job Snijders <job@fastly.com>
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
fn = p->fn;
if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) {
- cryptowarnx("%s: failed to parse Trust Anchor Key", fn);
+ warnx("%s: failed to parse Trust Anchor Key", fn);
goto out;
}
-/* $OpenBSD: tal.c,v 1.38 2022/11/30 09:02:58 job Exp $ */
+/* $OpenBSD: tal.c,v 1.39 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
/* Make sure it's a valid public key. */
pkey = d2i_PUBKEY(NULL, (const unsigned char **)&der, dersz);
if (pkey == NULL) {
- cryptowarnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
+ warnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
"failed public key parse", fn);
goto out;
}
-/* $OpenBSD: validate.c,v 1.65 2023/06/07 11:09:08 tb Exp $ */
+/* $OpenBSD: validate.c,v 1.66 2023/06/29 10:28:25 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
assert(store_ctx != NULL);
assert(x509 != NULL);
if (!X509_STORE_CTX_init(store_ctx, NULL, x509, NULL))
- cryptoerrx("X509_STORE_CTX_init");
+ err(1, "X509_STORE_CTX_init");
if ((params = X509_STORE_CTX_get0_param(store_ctx)) == NULL)
- cryptoerrx("X509_STORE_CTX_get0_param");
+ errx(1, "X509_STORE_CTX_get0_param");
if ((cp_oid = OBJ_dup(certpol_oid)) == NULL)
- cryptoerrx("OBJ_dup");
+ err(1, "OBJ_dup");
if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid))
- cryptoerrx("X509_VERIFY_PARAM_add0_policy");
+ err(1, "X509_VERIFY_PARAM_add0_policy");
X509_VERIFY_PARAM_set_time(params, get_current_time());
flags = X509_V_FLAG_CRL_CHECK;