I wrote versions of this diff several times in the past but never sent
it out. A question by claudio encouraged me...

cryptowarnx() and cryptoerrx() fail at showing openssl error stacks
in a pleasant way as no amount of lipstick can make this pig pretty.
I don't think these stacks should be shown to the user and they are
not a real debugging aid either as I don't recall that this ever made
things any easier for me.

This mechanically replaces cryptowarnx() with warnx() and cryptoerrx()
with either errx(1, ...) or err(1, ...) depending on whether the only
possible error is allocation failure as that might give a useful hint.

Regress will need a trivial diff and I'll send a PR to portable once
this is in.

Index: Makefile
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- Makefile    12 Jun 2023 14:56:38 -0000      1.31
+++ Makefile    29 Jun 2023 07:08:01 -0000
@@ -2,7 +2,7 @@
 
 PROG=  rpki-client
 SRCS=  as.c aspa.c cert.c cms.c crl.c encoding.c filemode.c gbr.c geofeed.c \
-       http.c io.c ip.c json.c log.c main.c mft.c mkdir.c ometric.c output.c \
+       http.c io.c ip.c json.c main.c mft.c mkdir.c ometric.c output.c \
        output-bgpd.c output-bird.c output-csv.c output-json.c \
        output-ometric.c parser.c print.c repo.c roa.c rrdp.c rrdp_delta.c \
        rrdp_notification.c rrdp_snapshot.c rrdp_util.c rsc.c rsync.c tak.c \
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.113
diff -u -p -r1.113 cert.c
--- cert.c      24 Jun 2023 04:15:14 -0000      1.113
+++ cert.c      29 Jun 2023 07:02:52 -0000
@@ -167,13 +167,13 @@ sbgp_assysnum(struct parse *p, X509_EXTE
        int                      i, rc = 0;
 
        if (!X509_EXTENSION_get_critical(ext)) {
-               cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
+               warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
                    "extension not critical", p->fn);
                goto out;
        }
 
        if ((asidentifiers = X509V3_EXT_d2i(ext)) == NULL) {
-               cryptowarnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
+               warnx("%s: RFC 6487 section 4.8.11: autonomousSysNum: "
                    "failed extension parse", p->fn);
                goto out;
        }
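Review bot: After this change nothing drains the OpenSSL error queue when `X509V3_EXT_d2i()` fails here; the removed cryptowarnx() looped over `ERR_get_error()` before printing, which emptied the queue as a side effect. Entries left behind by one malformed object stay queued while the parser moves on to the next file, so any code in the process that later consults `ERR_peek_error()` or `ERR_get_error()` could attribute a stale error to the wrong object. If such code exists (none is visible in this diff), add `ERR_clear_error();` on the failure path or once at the top of each parse entry point. The same applies to the other d2i_* and `CMS_verify()` failure paths converted in cert.c, cms.c, crl.c, mft.c, roa.c, rsc.c, tak.c and tal.c. sbgp_assysnum's body continues outside the hunk.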
@@ -348,13 +348,13 @@ sbgp_ipaddrblk(struct parse *p, X509_EXT
        int                              i, j, rc = 0;
 
        if (!X509_EXTENSION_get_critical(ext)) {
-               cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
+               warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
                    "extension not critical", p->fn);
                goto out;
        }
 
        if ((addrblk = X509V3_EXT_d2i(ext)) == NULL) {
-               cryptowarnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
+               warnx("%s: RFC 6487 section 4.8.10: sbgp-ipAddrBlock: "
                    "failed extension parse", p->fn);
                goto out;
        }
@@ -453,8 +453,8 @@ sbgp_sia(struct parse *p, X509_EXTENSION
        }
 
        if ((sia = X509V3_EXT_d2i(ext)) == NULL) {
-               cryptowarnx("%s: RFC 6487 section 4.8.8: SIA: "
-                   "failed extension parse", p->fn);
+               warnx("%s: RFC 6487 section 4.8.8: SIA: failed extension parse",
+                   p->fn);
                goto out;
        }
 
@@ -530,13 +530,13 @@ certificate_policies(struct parse *p, X5
        int                              rc = 0;
 
        if (!X509_EXTENSION_get_critical(ext)) {
-               cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
+               warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
                    "extension not critical", p->fn);
                goto out;
        }
 
        if ((policies = X509V3_EXT_d2i(ext)) == NULL) {
-               cryptowarnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
+               warnx("%s: RFC 6487 section 4.8.9: certificatePolicies: "
                    "failed extension parse", p->fn);
                goto out;
        }
@@ -641,7 +641,7 @@ cert_parse_ee_cert(const char *fn, X509 
        }
 
        if (!X509_up_ref(x)) {
-               cryptowarnx("%s: X509_up_ref failed", fn);
+               warnx("%s: X509_up_ref failed", fn);
                goto out;
        }
 
@@ -688,7 +688,7 @@ cert_parse_pre(const char *fn, const uns
 
        oder = der;
        if ((x = d2i_X509(NULL, &der, len)) == NULL) {
-               cryptowarnx("%s: d2i_X509", p.fn);
+               warnx("%s: d2i_X509", p.fn);
                goto out;
        }
        if (der != oder + len) {
@@ -698,7 +698,7 @@ cert_parse_pre(const char *fn, const uns
 
        /* Cache X509v3 extensions, see X509_check_ca(3). */
        if (X509_check_purpose(x, -1, -1) <= 0) {
-               cryptowarnx("%s: could not cache X509v3 extensions", p.fn);
+               warnx("%s: could not cache X509v3 extensions", p.fn);
                goto out;
        }
 
@@ -709,7 +709,7 @@ cert_parse_pre(const char *fn, const uns
 
        X509_get0_signature(NULL, &palg, x);
        if (palg == NULL) {
-               cryptowarnx("%s: X509_get0_signature", p.fn);
+               warnx("%s: X509_get0_signature", p.fn);
                goto out;
        }
        X509_ALGOR_get0(&cobj, NULL, NULL, palg);
@@ -730,7 +730,7 @@ cert_parse_pre(const char *fn, const uns
        /* Look for X509v3 extensions. */
 
        if ((extsz = X509_get_ext_count(x)) < 0)
-               cryptoerrx("X509_get_ext_count");
+               errx(1, "X509_get_ext_count");
 
        for (i = 0; i < (size_t)extsz; i++) {
                ext = X509_get_ext(x, i);
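Review bot: The fatal `errx(1, "X509_get_ext_count")` names no file, unlike the other diagnostics in cert_parse_pre that print `p.fn`, so an operator cannot tell which object made the parser exit. Because this function parses DER handed in by the caller, consider `warnx("%s: X509_get_ext_count", p.fn); goto out;` so that one bad object is rejected instead of ending the process. At minimum, add `p.fn` to the message. cert_parse_pre starts and ends outside the hunk.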
@@ -941,15 +941,15 @@ ta_parse(const char *fn, struct cert *p,
        /* first check pubkey against the one from the TAL */
        pk = d2i_PUBKEY(NULL, &pkey, pkeysz);
        if (pk == NULL) {
-               cryptowarnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
+               warnx("%s: RFC 6487 (trust anchor): bad TAL pubkey", fn);
                goto badcert;
        }
        if ((opk = X509_get0_pubkey(p->x509)) == NULL) {
-               cryptowarnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
+               warnx("%s: RFC 6487 (trust anchor): missing pubkey", fn);
                goto badcert;
        }
        if (EVP_PKEY_cmp(pk, opk) != 1) {
-               cryptowarnx("%s: RFC 6487 (trust anchor): "
+               warnx("%s: RFC 6487 (trust anchor): "
                    "pubkey does not match TAL pubkey", fn);
                goto badcert;
        }
Index: cms.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cms.c,v
retrieving revision 1.37
diff -u -p -r1.37 cms.c
--- cms.c       20 Jun 2023 02:46:18 -0000      1.37
+++ cms.c       29 Jun 2023 07:00:06 -0000
@@ -123,7 +123,7 @@ cms_parse_validate_internal(X509 **xp, c
 
        oder = der;
        if ((cms = d2i_CMS_ContentInfo(NULL, &der, len)) == NULL) {
-               cryptowarnx("%s: RFC 6488: failed CMS parse", fn);
+               warnx("%s: RFC 6488: failed CMS parse", fn);
                goto out;
        }
        if (der != oder + len) {
@@ -137,7 +137,7 @@ cms_parse_validate_internal(X509 **xp, c
         */
        if (!CMS_verify(cms, NULL, NULL, bio, NULL,
            CMS_NO_SIGNER_CERT_VERIFY)) {
-               cryptowarnx("%s: CMS verification error", fn);
+               warnx("%s: CMS verification error", fn);
                goto out;
        }
 
@@ -156,14 +156,14 @@ cms_parse_validate_internal(X509 **xp, c
                goto out;
        }
        if (sk_CMS_SignerInfo_num(sinfos) != 1) {
-               cryptowarnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
+               warnx("%s: RFC 6488: CMS has multiple signerInfos", fn);
                goto out;
        }
        si = sk_CMS_SignerInfo_value(sinfos, 0);
 
        nattrs = CMS_signed_get_attr_count(si);
        if (nattrs <= 0) {
-               cryptowarnx("%s: RFC 6488: error extracting signedAttrs", fn);
+               warnx("%s: RFC 6488: error extracting signedAttrs", fn);
                goto out;
        }
        for (i = 0; i < nattrs; i++) {
@@ -171,31 +171,31 @@ cms_parse_validate_internal(X509 **xp, c
 
                attr = CMS_signed_get_attr(si, i);
                if (attr == NULL || X509_ATTRIBUTE_count(attr) != 1) {
-                       cryptowarnx("%s: RFC 6488: "
-                           "bad signed attribute encoding", fn);
+                       warnx("%s: RFC 6488: bad signed attribute encoding",
+                           fn);
                        goto out;
                }
 
                obj = X509_ATTRIBUTE_get0_object(attr);
                if (obj == NULL) {
-                       cryptowarnx("%s: RFC 6488: bad signed attribute", fn);
+                       warnx("%s: RFC 6488: bad signed attribute", fn);
                        goto out;
                }
                if (OBJ_cmp(obj, cnt_type_oid) == 0) {
                        if (has_ct++ != 0) {
-                               cryptowarnx("%s: RFC 6488: duplicate "
+                               warnx("%s: RFC 6488: duplicate "
                                    "signed attribute", fn);
                                goto out;
                        }
                } else if (OBJ_cmp(obj, msg_dgst_oid) == 0) {
                        if (has_md++ != 0) {
-                               cryptowarnx("%s: RFC 6488: duplicate "
+                               warnx("%s: RFC 6488: duplicate "
                                    "signed attribute", fn);
                                goto out;
                        }
                } else if (OBJ_cmp(obj, sign_time_oid) == 0) {
                        if (has_st++ != 0) {
-                               cryptowarnx("%s: RFC 6488: duplicate "
+                               warnx("%s: RFC 6488: duplicate "
                                    "signed attribute", fn);
                                goto out;
                        }
@@ -203,13 +203,13 @@ cms_parse_validate_internal(X509 **xp, c
                                goto out;
                } else if (OBJ_cmp(obj, bin_sign_time_oid) == 0) {
                        if (has_bst++ != 0) {
-                               cryptowarnx("%s: RFC 6488: duplicate "
+                               warnx("%s: RFC 6488: duplicate "
                                    "signed attribute", fn);
                                goto out;
                        }
                } else {
                        OBJ_obj2txt(buf, sizeof(buf), obj, 1);
-                       cryptowarnx("%s: RFC 6488: "
+                       warnx("%s: RFC 6488: "
                            "CMS has unexpected signed attribute %s",
                            fn, buf);
                        goto out;
@@ -217,7 +217,7 @@ cms_parse_validate_internal(X509 **xp, c
        }
 
        if (!has_ct || !has_md) {
-               cryptowarnx("%s: RFC 6488: CMS missing required "
+               warnx("%s: RFC 6488: CMS missing required "
                    "signed attribute", fn);
                goto out;
        }
@@ -229,7 +229,7 @@ cms_parse_validate_internal(X509 **xp, c
                warnx("%s: missing CMS signing-time attribute", fn);
 
        if (CMS_unsigned_get_attr_count(si) != -1) {
-               cryptowarnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
+               warnx("%s: RFC 6488: CMS has unsignedAttrs", fn);
                goto out;
        }
 
@@ -288,7 +288,7 @@ cms_parse_validate_internal(X509 **xp, c
        crls = CMS_get1_crls(cms);
        if (crls != NULL) {
                sk_X509_CRL_pop_free(crls, X509_CRL_free);
-               cryptowarnx("%s: RFC 6488: CMS has CRLs", fn);
+               warnx("%s: RFC 6488: CMS has CRLs", fn);
                goto out;
        }
 
@@ -312,7 +312,7 @@ cms_parse_validate_internal(X509 **xp, c
 
        /* Cache X509v3 extensions, see X509_check_ca(3). */
        if (X509_check_purpose(*xp, -1, -1) <= 0) {
-               cryptowarnx("%s: could not cache X509v3 extensions", fn);
+               warnx("%s: could not cache X509v3 extensions", fn);
                goto out;
        }
 
Index: crl.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/crl.c,v
retrieving revision 1.26
diff -u -p -r1.26 crl.c
--- crl.c       20 Jun 2023 12:48:32 -0000      1.26
+++ crl.c       29 Jun 2023 07:01:44 -0000
@@ -43,7 +43,7 @@ crl_parse(const char *fn, const unsigned
 
        oder = der;
        if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) {
-               cryptowarnx("%s: d2i_X509_CRL", fn);
+               warnx("%s: d2i_X509_CRL", fn);
                goto out;
        }
        if (der != oder + len) {
@@ -58,7 +58,7 @@ crl_parse(const char *fn, const unsigned
 
        X509_CRL_get0_signature(crl->x509_crl, NULL, &palg);
        if (palg == NULL) {
-               cryptowarnx("%s: X509_CRL_get0_signature", fn);
+               warnx("%s: X509_CRL_get0_signature", fn);
                goto out;
        }
        X509_ALGOR_get0(&cobj, NULL, NULL, palg);
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.186
diff -u -p -r1.186 extern.h
--- extern.h    26 Jun 2023 18:39:53 -0000      1.186
+++ extern.h    29 Jun 2023 07:05:32 -0000
@@ -799,14 +799,6 @@ void                rrdp_fetch(unsigned int, const ch
 void            rrdp_abort(unsigned int);
 void            rrdp_http_done(unsigned int, enum http_result, const char *);
 
-/* Logging (though really used for OpenSSL errors). */
-
-void            cryptowarnx(const char *, ...)
-                       __attribute__((format(printf, 1, 2)));
-void            cryptoerrx(const char *, ...)
-                       __attribute__((format(printf, 1, 2)))
-                       __attribute__((noreturn));
-
 /* Encoding functions for hex and base64. */
 
 unsigned char  *load_file(const char *, size_t *);
Index: filemode.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/filemode.c,v
retrieving revision 1.33
diff -u -p -r1.33 filemode.c
--- filemode.c  30 May 2023 16:02:28 -0000      1.33
+++ filemode.c  29 Jun 2023 07:06:04 -0000
@@ -650,7 +650,7 @@ proc_filemode(int fd)
        x509_init_oid();
 
        if ((ctx = X509_STORE_CTX_new()) == NULL)
-               cryptoerrx("X509_STORE_CTX_new");
+               err(1, "X509_STORE_CTX_new");
        TAILQ_INIT(&q);
 
        msgbuf_init(&msgq);
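Review bot: `err(1, "X509_STORE_CTX_new")` appends strerror(errno), which is only meaningful if the library call failed in an allocation that set errno. The validate.c hunk gives `X509_STORE_CTX_init()`, `OBJ_dup()` and `X509_VERIFY_PARAM_add0_policy()` the same treatment; if any of them can fail for a reason other than ENOMEM (this may differ between LibreSSL and the OpenSSL versions portable builds against), the fatal message will carry a stale or unrelated errno text. A short comment at those call sites, for example `/* can only fail on allocation, so errno is useful */`, would record the assumption, and `errx(1, ...)` is the safer choice wherever it does not hold. The parser.c hunk has the same `err(1, "X509_STORE_CTX_new")` call. proc_filemode's body continues outside the hunk.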
Index: log.c
===================================================================
RCS file: log.c
diff -N log.c
--- log.c       12 Sep 2020 15:46:48 -0000      1.6
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,74 +0,0 @@
-/*     $OpenBSD: log.c,v 1.6 2020/09/12 15:46:48 claudio Exp $ */
-/*
- * Copyright (c) 2019 Kristaps Dzonsons <krist...@bsd.lv>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <err.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdint.h>
-
-#include <openssl/err.h>
-
-#include "extern.h"
-
-/*
- * Print the chain of openssl errors that led to the current one.
- * This should only be invoked in the event that OpenSSL fails with
- * something.
- * It's followed by the (optional) given error message, then terminates.
- */
-void
-cryptoerrx(const char *fmt, ...)
-{
-       unsigned long    er;
-       char             buf[BUFSIZ];
-       va_list          ap;
-
-       while ((er = ERR_get_error()) > 0) {
-               ERR_error_string_n(er, buf, sizeof(buf));
-               warnx(" ...trace: %s", buf);
-       }
-
-       if (fmt != NULL) {
-               va_start(ap, fmt);
-               vwarnx(fmt, ap);
-               va_end(ap);
-       }
-
-       exit(1);
-}
-
-/*
- * Like cryptoerrx(), but without exiting.
- */
-void
-cryptowarnx(const char *fmt, ...)
-{
-       unsigned long    er;
-       char             buf[BUFSIZ];
-       va_list          ap;
-
-       while ((er = ERR_get_error()) > 0) {
-               ERR_error_string_n(er, buf, sizeof(buf));
-               warnx(" ...trace: %s", buf);
-       }
-
-       if (fmt != NULL) {
-               va_start(ap, fmt);
-               vwarnx(fmt, ap);
-               va_end(ap);
-       }
-}
Index: mft.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/mft.c,v
retrieving revision 1.95
diff -u -p -r1.95 mft.c
--- mft.c       20 Jun 2023 12:39:50 -0000      1.95
+++ mft.c       29 Jun 2023 07:10:04 -0000
@@ -281,7 +281,7 @@ mft_parse_econtent(const unsigned char *
        int                      i, rc = 0;
 
        if ((mft = d2i_Manifest(NULL, &d, dsz)) == NULL) {
-               cryptowarnx("%s: RFC 6486 section 4: failed to parse Manifest",
+               warnx("%s: RFC 6486 section 4: failed to parse Manifest",
                    p->fn);
                goto out;
        }
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.96
diff -u -p -r1.96 parser.c
--- parser.c    30 May 2023 16:02:28 -0000      1.96
+++ parser.c    29 Jun 2023 07:12:08 -0000
@@ -815,7 +815,7 @@ proc_parser(int fd)
        x509_init_oid();
 
        if ((ctx = X509_STORE_CTX_new()) == NULL)
-               cryptoerrx("X509_STORE_CTX_new");
+               err(1, "X509_STORE_CTX_new");
 
        TAILQ_INIT(&q);
 
Index: roa.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
retrieving revision 1.68
diff -u -p -r1.68 roa.c
--- roa.c       7 Jun 2023 10:46:34 -0000       1.68
+++ roa.c       29 Jun 2023 07:00:32 -0000
@@ -114,7 +114,7 @@ roa_parse_econtent(const unsigned char *
        int                              i, j, rc = 0;
 
        if ((roa = d2i_RouteOriginAttestation(NULL, &d, dsz)) == NULL) {
-               cryptowarnx("%s: RFC 6482 section 3: failed to parse "
+               warnx("%s: RFC 6482 section 3: failed to parse "
                    "RouteOriginAttestation", p->fn);
                goto out;
        }
Index: rsc.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsc.c,v
retrieving revision 1.26
diff -u -p -r1.26 rsc.c
--- rsc.c       7 Jun 2023 10:46:34 -0000       1.26
+++ rsc.c       29 Jun 2023 06:58:01 -0000
@@ -334,8 +334,7 @@ rsc_parse_econtent(const unsigned char *
         */
 
        if ((rsc = d2i_RpkiSignedChecklist(NULL, &d, dsz)) == NULL) {
-               cryptowarnx("%s: RSC: failed to parse RpkiSignedChecklist",
-                   p->fn);
+               warnx("%s: RSC: failed to parse RpkiSignedChecklist", p->fn);
                goto out;
        }
 
Index: tak.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tak.c,v
retrieving revision 1.10
diff -u -p -r1.10 tak.c
--- tak.c       20 Jun 2023 12:39:50 -0000      1.10
+++ tak.c       29 Jun 2023 07:00:09 -0000
@@ -191,7 +191,7 @@ tak_parse_econtent(const unsigned char *
        fn = p->fn;
 
        if ((tak = d2i_TAK(NULL, &d, dsz)) == NULL) {
-               cryptowarnx("%s: failed to parse Trust Anchor Key", fn);
+               warnx("%s: failed to parse Trust Anchor Key", fn);
                goto out;
        }
 
Index: tal.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/tal.c,v
retrieving revision 1.38
diff -u -p -r1.38 tal.c
--- tal.c       30 Nov 2022 09:02:58 -0000      1.38
+++ tal.c       29 Jun 2023 07:01:34 -0000
@@ -137,7 +137,7 @@ tal_parse_buffer(const char *fn, char *b
        /* Make sure it's a valid public key. */
        pkey = d2i_PUBKEY(NULL, (const unsigned char **)&der, dersz);
        if (pkey == NULL) {
-               cryptowarnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
+               warnx("%s: RFC 7730 section 2.1: subjectPublicKeyInfo: "
                    "failed public key parse", fn);
                goto out;
        }
Index: validate.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
retrieving revision 1.65
diff -u -p -r1.65 validate.c
--- validate.c  7 Jun 2023 11:09:08 -0000       1.65
+++ validate.c  29 Jun 2023 07:08:28 -0000
@@ -407,14 +407,14 @@ valid_x509(char *file, X509_STORE_CTX *s
        assert(store_ctx != NULL);
        assert(x509 != NULL);
        if (!X509_STORE_CTX_init(store_ctx, NULL, x509, NULL))
-               cryptoerrx("X509_STORE_CTX_init");
+               err(1, "X509_STORE_CTX_init");
 
        if ((params = X509_STORE_CTX_get0_param(store_ctx)) == NULL)
-               cryptoerrx("X509_STORE_CTX_get0_param");
+               errx(1, "X509_STORE_CTX_get0_param");
        if ((cp_oid = OBJ_dup(certpol_oid)) == NULL)
-               cryptoerrx("OBJ_dup");
+               err(1, "OBJ_dup");
        if (!X509_VERIFY_PARAM_add0_policy(params, cp_oid))
-               cryptoerrx("X509_VERIFY_PARAM_add0_policy");
+               err(1, "X509_VERIFY_PARAM_add0_policy");
        X509_VERIFY_PARAM_set_time(params, get_current_time());
 
        flags = X509_V_FLAG_CRL_CHECK;
