authorclaudio <claudio@openbsd.org>2020-04-02 09:16:43 +0000
committerclaudio <claudio@openbsd.org>2020-04-02 09:16:43 +0000
commit5ff8d7be0aa3aa75ac4810bf9a7735c97e38a190 (patch)
tree3cc20a0ab5b294a7f4fa49debb71e4fcdf21d144 /usr.sbin/rpki-client
parentIntroduce kqueue_sleep() a wrapper around the tsleep(9) dance. (diff)
Use fopen() and BIO_new_fd() instead of BIO_new_file so that a possible
open error can be better logged to the operator. The cryptowarnx function logs warnings in a less optimal way (mainly because of OpenSSL error stacks). OK benno@ deraadt@
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r--usr.sbin/rpki-client/cert.c10
-rw-r--r--usr.sbin/rpki-client/cms.c12
-rw-r--r--usr.sbin/rpki-client/crl.c10
3 files changed, 24 insertions, 8 deletions
diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 419977d29ed..cdb8da757a2 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.14 2020/02/26 02:35:08 deraadt Exp $ */
+/* $OpenBSD: cert.c,v 1.15 2020/04/02 09:16:43 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -930,12 +930,18 @@ cert_parse_inner(X509 **xp, const char *fn, const unsigned char *dgst, int ta)
ASN1_OBJECT *obj;
struct parse p;
BIO *bio = NULL, *shamd;
+ FILE *f;
EVP_MD *md;
char mdbuf[EVP_MAX_MD_SIZE];
*xp = NULL;
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;
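Review bot: The stream opened by `fopen()` is not closed when `BIO_new_fp(f, BIO_CLOSE)` returns NULL, so that error branch returns with `f` still open; `BIO_CLOSE` only transfers ownership once a BIO exists. Adding `fclose(f);` before the `return NULL;` in that branch would close it, and the same applies to the matching branches in cms.c (cms_parse_validate) and crl.c (crl_parse). The failure is presumably limited to allocation failure, but this code parses many fetched repository files in one run, so a leaked descriptor per failure is worth avoiding. The message here and in crl.c still reads `"%s: BIO_new_file"` although the call is now `BIO_new_fp`; cms.c already uses the new name. cert_parse_inner starts and continues outside the hunk.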
diff --git a/usr.sbin/rpki-client/cms.c b/usr.sbin/rpki-client/cms.c
index f42fc621f65..25788af5d99 100644
--- a/usr.sbin/rpki-client/cms.c
+++ b/usr.sbin/rpki-client/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.6 2019/11/29 05:14:11 benno Exp $ */
+/* $OpenBSD: cms.c,v 1.7 2020/04/02 09:16:43 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -42,6 +42,7 @@ cms_parse_validate(X509 **xp, const char *fn,
ASN1_OCTET_STRING **os = NULL;
BIO *bio = NULL, *shamd;
CMS_ContentInfo *cms;
+ FILE *f;
char buf[128], mdbuf[EVP_MAX_MD_SIZE];
int rc = 0, sz;
STACK_OF(X509) *certs = NULL;
@@ -55,10 +56,13 @@ cms_parse_validate(X509 **xp, const char *fn,
* This is usually fopen() failure, so let it pass through to
* the handler, which will in turn ignore the entity.
*/
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
- if (verbose > 0)
- cryptowarnx("%s: BIO_new_file", fn);
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
+ cryptowarnx("%s: BIO_new_fp", fn);
return NULL;
}
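Review bot: The `cryptowarnx("%s: BIO_new_fp", fn);` call is now unconditional here, while the same branch in cert.c and crl.c keeps the `if (verbose > 0)` guard, so the three parsers report this failure differently. If the intent is that open errors always go through `warn()` and the OpenSSL error stack is shown only in verbose mode, restore `if (verbose > 0)` above the `cryptowarnx` line; otherwise drop the guard in the other two files. The comment ending at `the handler, which will in turn ignore the entity.` now sits above the `fopen()` check rather than the BIO call, and could be reworded to say that an `fopen()` failure is reported by `warn()` and the entity skipped. Both that comment and cms_parse_validate begin outside the hunk.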
diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c
index 68f55b7733d..0c9e20f29a4 100644
--- a/usr.sbin/rpki-client/crl.c
+++ b/usr.sbin/rpki-client/crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crl.c,v 1.7 2019/11/29 04:40:04 claudio Exp $ */
+/* $OpenBSD: crl.c,v 1.8 2020/04/02 09:16:43 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -36,10 +36,16 @@ crl_parse(const char *fn, const unsigned char *dgst)
int rc = 0, sz;
X509_CRL *x = NULL;
BIO *bio = NULL, *shamd;
+ FILE *f;
EVP_MD *md;
char mdbuf[EVP_MAX_MD_SIZE];
- if ((bio = BIO_new_file(fn, "rb")) == NULL) {
+ if ((f = fopen(fn, "rb")) == NULL) {
+ warn("%s", fn);
+ return NULL;
+ }
+
+ if ((bio = BIO_new_fp(f, BIO_CLOSE)) == NULL) {
if (verbose > 0)
cryptowarnx("%s: BIO_new_file", fn);
return NULL;