From: tb Date: Thu, 29 Jun 2023 10:28:25 +0000 (+0000) Subject: Retire log.c X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c05289013df5e85e1b4510d27365aa248659b5f7;p=openbsd Retire log.c Convert all cryptowarnx() and cryptoerrx() to appropriate versions of warn() and err{,x}(). Neither users nor developers benefit from them. If we need better errors, we need to do some thinking. libcrypto won't do that for us. suggested by claudio ok job --- diff --git a/usr.sbin/rpki-client/Makefile b/usr.sbin/rpki-client/Makefile index 1b5b3308eca..660d4533c3c 100644 --- a/usr.sbin/rpki-client/Makefile +++ b/usr.sbin/rpki-client/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.31 2023/06/12 14:56:38 claudio Exp $ +# $OpenBSD: Makefile,v 1.32 2023/06/29 10:28:25 tb Exp $ PROG= rpki-client SRCS= as.c aspa.c cert.c cms.c crl.c encoding.c filemode.c gbr.c geofeed.c \ - http.c io.c ip.c json.c log.c main.c mft.c mkdir.c ometric.c output.c \ + http.c io.c ip.c json.c main.c mft.c mkdir.c ometric.c output.c \ output-bgpd.c output-bird.c output-csv.c output-json.c \ output-ometric.c parser.c print.c repo.c roa.c rrdp.c rrdp_delta.c \ rrdp_notification.c rrdp_snapshot.c rrdp_util.c rsc.c rsync.c tak.c \ diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index 508e48a3e82..c1b12b10c26 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.113 2023/06/24 04:15:14 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.114 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Job Snijders @@ -167,13 +167,13 @@ sbgp_assysnum(struct parse *p, X509_EXTENSION *ext) int i, rc = 0; if (!X509_EXTENSION_get_critical(ext)) { - cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " + warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " "extension not critical", p->fn); goto out; } if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) { - cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " + warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: " "failed extension parse", p->fn); goto out; } @@ -348,13 +348,13 @@ sbgp_ipaddrblk(struct parse *p, X509_EXTENSION *ext) int i, j, rc = 0; if (!X509_EXTENSION_get_critical(ext)) { - cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " + warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " "extension not critical", p->fn); goto out; } if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) { - cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " + warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: " "failed extension parse", p->fn); goto out; } @@ -453,8 +453,8 @@ sbgp_sia(struct parse *p, X509_EXTENSION *ext) } if ((sia = X509V3_EXT_d2i(ext)) == NULL) { - cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: " - "failed extension parse", p->fn); + warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse", + p->fn); goto out; } @@ -530,13 +530,13 @@ certificate_policies(struct parse *p, X509_EXTENSION *ext) int rc = 0; if (!X509_EXTENSION_get_critical(ext)) { - cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " + warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " "extension not critical", p->fn); goto out; } if ((policies = X509V3_EXT_d2i(ext)) == NULL) { - cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " + warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: " "failed extension parse", p->fn); goto out; } @@ -641,7 +641,7 @@ cert_parse_ee_cert(const char *fn, X509 *x) } if (!X509_up_ref(x)) { - cryptowarnx("%s: X509_up_ref failed", fn); + warnx("%s: X509_up_ref failed", fn); goto out; } @@ -688,7 +688,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) oder = der; if ((x = d2i_X509(NULL, &der, len)) == NULL) { - cryptowarnx("%s: d2i_X509", p.fn); + warnx("%s: d2i_X509", p.fn); goto out; } if (der != oder + len) { @@ -698,7 +698,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) /* Cache X509v3 extensions, see X509_check_ca(3). */ if (X509_check_purpose(x, -1, -1) <= 0) { - cryptowarnx("%s: could not cache X509v3 extensions", p.fn); + warnx("%s: could not cache X509v3 extensions", p.fn); goto out; } @@ -709,7 +709,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) X509_get0_signature(NULL, &palg, x); if (palg == NULL) { - cryptowarnx("%s: X509_get0_signature", p.fn); + warnx("%s: X509_get0_signature", p.fn); goto out; } X509_ALGOR_get0(&cobj, NULL, NULL, palg); @@ -730,7 +730,7 @@ cert_parse_pre(const char *fn, const unsigned char *der, size_t len) /* Look for X509v3 extensions. */ if ((extsz = X509_get_ext_count(x)) < 0) - cryptoerrx("X509_get_ext_count"); + errx(1, "X509_get_ext_count"); for (i = 0; i < (size_t)extsz; i++) { ext = X509_get_ext(x, i); @@ -941,15 +941,15 @@ ta_parse(const char *fn, struct cert *p, const unsigned char *pkey, /* first check pubkey against the one from the TAL */ pk = d2i_PUBKEY(NULL, &pkey, pkeysz); if (pk == NULL) { - cryptowarnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn); + warnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn); goto badcert; } if ((opk = X509_get0_pubkey(p->x509)) == NULL) { - cryptowarnx("%s: RFC 6487 (trust anchor): missing pubkey", fn); + warnx("%s: RFC 6487 (trust anchor): missing pubkey", fn); goto badcert; } if (EVP_PKEY_cmp(pk, opk) != 1) { - cryptowarnx("%s: RFC 6487 (trust anchor): " + warnx("%s: RFC 6487 (trust anchor): " "pubkey does not match TAL pubkey", fn); goto badcert; } diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c index 1d31beb0928..43d0537fa32 100644 --- a/usr.sbin/rpki-client/cms.c +++ b/usr.sbin/rpki-client/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.37 2023/06/20 02:46:18 job Exp $ */ +/* $OpenBSD: cms.c,v 1.38 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -123,7 +123,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, oder = der; if ((cms = d2i_CMS_ContentInfo(NULL, &der, len)) == NULL) { - cryptowarnx("%s: RFC 6488: failed CMS parse", fn); + warnx("%s: RFC 6488: failed CMS parse", fn); goto out; } if (der != oder + len) { @@ -137,7 +137,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, */ if (!CMS_verify(cms, NULL, NULL, bio, NULL, CMS_NO_SIGNER_CERT_VERIFY)) { - cryptowarnx("%s: CMS verification error", fn); + warnx("%s: CMS verification error", fn); goto out; } @@ -156,14 +156,14 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, goto out; } if (sk_CMS_SignerInfo_num(sinfos) != 1) { - cryptowarnx("%s: RFC 6488: CMS has multiple signerInfos", fn); + warnx("%s: RFC 6488: CMS has multiple signerInfos", fn); goto out; } si = sk_CMS_SignerInfo_value(sinfos, 0); nattrs = CMS_signed_get_attr_count(si); if (nattrs <= 0) { - cryptowarnx("%s: RFC 6488: error extracting signedAttrs", fn); + warnx("%s: RFC 6488: error extracting signedAttrs", fn); goto out; } for (i = 0; i < nattrs; i++) { @@ -171,31 +171,31 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, attr = CMS_signed_get_attr(si, i); if (attr == NULL || X509_ATTRIBUTE_count(attr) != 1) { - cryptowarnx("%s: RFC 6488: " - "bad signed attribute encoding", fn); + warnx("%s: RFC 6488: bad signed attribute encoding", + fn); goto out; } obj = X509_ATTRIBUTE_get0_object(attr); if (obj == NULL) { - cryptowarnx("%s: RFC 6488: bad signed attribute", fn); + warnx("%s: RFC 6488: bad signed attribute", fn); goto out; } if (OBJ_cmp(obj, cnt_type_oid) == 0) { if (has_ct++ != 0) { - cryptowarnx("%s: RFC 6488: duplicate " + warnx("%s: RFC 6488: duplicate " "signed attribute", fn); goto out; } } else if (OBJ_cmp(obj, msg_dgst_oid) == 0) { if (has_md++ != 0) { - cryptowarnx("%s: RFC 6488: duplicate " + warnx("%s: RFC 6488: duplicate " "signed attribute", fn); goto out; } } else if (OBJ_cmp(obj, sign_time_oid) == 0) { if (has_st++ != 0) { - cryptowarnx("%s: RFC 6488: duplicate " + warnx("%s: RFC 6488: duplicate " "signed attribute", fn); goto out; } @@ -203,13 +203,13 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, goto out; } else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) { if (has_bst++ != 0) { - cryptowarnx("%s: RFC 6488: duplicate " + warnx("%s: RFC 6488: duplicate " "signed attribute", fn); goto out; } } else { OBJ_obj2txt(buf, sizeof(buf), obj, 1); - cryptowarnx("%s: RFC 6488: " + warnx("%s: RFC 6488: " "CMS has unexpected signed attribute %s", fn, buf); goto out; @@ -217,7 +217,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, } if (!has_ct || !has_md) { - cryptowarnx("%s: RFC 6488: CMS missing required " + warnx("%s: RFC 6488: CMS missing required " "signed attribute", fn); goto out; } @@ -229,7 +229,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, warnx("%s: missing CMS signing-time attribute", fn); if (CMS_unsigned_get_attr_count(si) != -1) { - cryptowarnx("%s: RFC 6488: CMS has unsignedAttrs", fn); + warnx("%s: RFC 6488: CMS has unsignedAttrs", fn); goto out; } @@ -288,7 +288,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, crls = CMS_get1_crls(cms); if (crls != NULL) { sk_X509_CRL_pop_free(crls, X509_CRL_free); - cryptowarnx("%s: RFC 6488: CMS has CRLs", fn); + warnx("%s: RFC 6488: CMS has CRLs", fn); goto out; } @@ -312,7 +312,7 @@ cms_parse_validate_internal(X509 **xp, const char *fn, const unsigned char *der, /* Cache X509v3 extensions, see X509_check_ca(3). */ if (X509_check_purpose(*xp, -1, -1) <= 0) { - cryptowarnx("%s: could not cache X509v3 extensions", fn); + warnx("%s: could not cache X509v3 extensions", fn); goto out; } diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c index bf9b19a62d6..ac20c055c05 100644 --- a/usr.sbin/rpki-client/crl.c +++ b/usr.sbin/rpki-client/crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl.c,v 1.26 2023/06/20 12:48:32 job Exp $ */ +/* $OpenBSD: crl.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -43,7 +43,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len) oder = der; if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) { - cryptowarnx("%s: d2i_X509_CRL", fn); + warnx("%s: d2i_X509_CRL", fn); goto out; } if (der != oder + len) { @@ -58,7 +58,7 @@ crl_parse(const char *fn, const unsigned char *der, size_t len) X509_CRL_get0_signature(crl->x509_crl, NULL, &palg); if (palg == NULL) { - cryptowarnx("%s: X509_CRL_get0_signature", fn); + warnx("%s: X509_CRL_get0_signature", fn); goto out; } X509_ALGOR_get0(&cobj, NULL, NULL, palg); diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h index 142442c3783..d32c1313e89 100644 --- a/usr.sbin/rpki-client/extern.h +++ b/usr.sbin/rpki-client/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.186 2023/06/26 18:39:53 job Exp $ */ +/* $OpenBSD: extern.h,v 1.187 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -799,14 +799,6 @@ void rrdp_fetch(unsigned int, const char *, const char *, void rrdp_abort(unsigned int); void rrdp_http_done(unsigned int, enum http_result, const char *); -/* Logging (though really used for OpenSSL errors). */ - -void cryptowarnx(const char *, ...) - __attribute__((format(printf, 1, 2))); -void cryptoerrx(const char *, ...) - __attribute__((format(printf, 1, 2))) - __attribute__((noreturn)); - /* Encoding functions for hex and base64. */ unsigned char *load_file(const char *, size_t *); diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 6a0cbecbd51..967f6816e69 100644 --- a/usr.sbin/rpki-client/filemode.c +++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.33 2023/05/30 16:02:28 job Exp $ */ +/* $OpenBSD: filemode.c,v 1.34 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -650,7 +650,7 @@ proc_filemode(int fd) x509_init_oid(); if ((ctx = X509_STORE_CTX_new()) == NULL) - cryptoerrx("X509_STORE_CTX_new"); + err(1, "X509_STORE_CTX_new"); TAILQ_INIT(&q); msgbuf_init(&msgq); diff --git a/usr.sbin/rpki-client/log.c b/usr.sbin/rpki-client/log.c deleted file mode 100644 index 662bd4678dc..00000000000 --- a/usr.sbin/rpki-client/log.c +++ /dev/null @@ -1,74 +0,0 @@ -/* $OpenBSD: log.c,v 1.6 2020/09/12 15:46:48 claudio Exp $ */ -/* - * Copyright (c) 2019 Kristaps Dzonsons - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include - -#include - -#include "extern.h" - -/* - * Print the chain of openssl errors that led to the current one. - * This should only be invoked in the event that OpenSSL fails with - * something. - * It's followed by the (optional) given error message, then terminates. - */ -void -cryptoerrx(const char *fmt, ...) -{ - unsigned long er; - char buf[BUFSIZ]; - va_list ap; - - while ((er = ERR_get_error()) > 0) { - ERR_error_string_n(er, buf, sizeof(buf)); - warnx(" ...trace: %s", buf); - } - - if (fmt != NULL) { - va_start(ap, fmt); - vwarnx(fmt, ap); - va_end(ap); - } - - exit(1); -} - -/* - * Like cryptoerrx(), but without exiting. - */ -void -cryptowarnx(const char *fmt, ...) -{ - unsigned long er; - char buf[BUFSIZ]; - va_list ap; - - while ((er = ERR_get_error()) > 0) { - ERR_error_string_n(er, buf, sizeof(buf)); - warnx(" ...trace: %s", buf); - } - - if (fmt != NULL) { - va_start(ap, fmt); - vwarnx(fmt, ap); - va_end(ap); - } -} diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c index 2f4761e0228..43e769f7098 100644 --- a/usr.sbin/rpki-client/mft.c +++ b/usr.sbin/rpki-client/mft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mft.c,v 1.95 2023/06/20 12:39:50 job Exp $ */ +/* $OpenBSD: mft.c,v 1.96 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2019 Kristaps Dzonsons @@ -281,7 +281,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) int i, rc = 0; if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) { - cryptowarnx("%s: RFC 6486 section 4: failed to parse Manifest", + warnx("%s: RFC 6486 section 4: failed to parse Manifest", p->fn); goto out; } diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index 107375fc2ce..9084c2fc7ae 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.96 2023/05/30 16:02:28 job Exp $ */ +/* $OpenBSD: parser.c,v 1.97 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -815,7 +815,7 @@ proc_parser(int fd) x509_init_oid(); if ((ctx = X509_STORE_CTX_new()) == NULL) - cryptoerrx("X509_STORE_CTX_new"); + err(1, "X509_STORE_CTX_new"); TAILQ_INIT(&q); diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c index 0097b514fa3..e7637a42356 100644 --- a/usr.sbin/rpki-client/roa.c +++ b/usr.sbin/rpki-client/roa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: roa.c,v 1.68 2023/06/07 10:46:34 job Exp $ */ +/* $OpenBSD: roa.c,v 1.69 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2019 Kristaps Dzonsons @@ -114,7 +114,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) int i, j, rc = 0; if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) { - cryptowarnx("%s: RFC 6482 section 3: failed to parse " + warnx("%s: RFC 6482 section 3: failed to parse " "RouteOriginAttestation", p->fn); goto out; } diff --git a/usr.sbin/rpki-client/rsc.c b/usr.sbin/rpki-client/rsc.c index 4e9f491ca88..552eb5ba61b 100644 --- a/usr.sbin/rpki-client/rsc.c +++ b/usr.sbin/rpki-client/rsc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsc.c,v 1.26 2023/06/07 10:46:34 job Exp $ */ +/* $OpenBSD: rsc.c,v 1.27 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2022 Job Snijders @@ -334,8 +334,7 @@ rsc_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) */ if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) { - cryptowarnx("%s: RSC: failed to parse RpkiSignedChecklist", - p->fn); + warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn); goto out; } diff --git a/usr.sbin/rpki-client/tak.c b/usr.sbin/rpki-client/tak.c index b841e9abcad..45a5e4035fd 100644 --- a/usr.sbin/rpki-client/tak.c +++ b/usr.sbin/rpki-client/tak.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tak.c,v 1.10 2023/06/20 12:39:50 job Exp $ */ +/* $OpenBSD: tak.c,v 1.11 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2022 Job Snijders * Copyright (c) 2022 Theo Buehler @@ -191,7 +191,7 @@ tak_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p) fn = p->fn; if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) { - cryptowarnx("%s: failed to parse Trust Anchor Key", fn); + warnx("%s: failed to parse Trust Anchor Key", fn); goto out; } diff --git a/usr.sbin/rpki-client/tal.c b/usr.sbin/rpki-client/tal.c index c326f66114e..a1af4a70de1 100644 --- a/usr.sbin/rpki-client/tal.c +++ b/usr.sbin/rpki-client/tal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tal.c,v 1.38 2022/11/30 09:02:58 job Exp $ */ +/* $OpenBSD: tal.c,v 1.39 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -137,7 +137,7 @@ tal_parse_buffer(const char *fn, char *buf, size_t len) /* Make sure it's a valid public key. */ pkey = d2i_PUBKEY(NULL, (const unsigned char **)&der, dersz); if (pkey == NULL) { - cryptowarnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: " + warnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: " "failed public key parse", fn); goto out; } diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index 7865a93d012..d934f2c1e41 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.65 2023/06/07 11:09:08 tb Exp $ */ +/* $OpenBSD: validate.c,v 1.66 2023/06/29 10:28:25 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -407,14 +407,14 @@ valid_x509(char *file, X509_STORE_CTX *store_ctx, X509 *x509, struct auth *a, assert(store_ctx != NULL); assert(x509 != NULL); if (!X509_STORE_CTX_init(store_ctx, NULL, x509, NULL)) - cryptoerrx("X509_STORE_CTX_init"); + err(1, "X509_STORE_CTX_init"); if ((params = X509_STORE_CTX_get0_param(store_ctx)) == NULL) - cryptoerrx("X509_STORE_CTX_get0_param"); + errx(1, "X509_STORE_CTX_get0_param"); if ((cp_oid = OBJ_dup(certpol_oid)) == NULL) - cryptoerrx("OBJ_dup"); + err(1, "OBJ_dup"); if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid)) - cryptoerrx("X509_VERIFY_PARAM_add0_policy"); + err(1, "X509_VERIFY_PARAM_add0_policy"); X509_VERIFY_PARAM_set_time(params, get_current_time()); flags = X509_V_FLAG_CRL_CHECK;