attr->attrValues.list.count);
}
if (attrs->list.array == NULL || attrs->list.array[0] == NULL)
- return pr_crit("Array size is 1 but array is NULL.");
+ pr_crit("Array size is 1 but array is NULL.");
error = oid2arcs(&attr->attrType, &attrType);
if (error)
return 0;
}
-static int
+static void
x509stack_pop(struct cert_stack *stack)
{
X509 *cert;
cert = sk_X509_pop(stack->x509s);
if (cert == NULL)
- return pr_crit("Attempted to pop empty X509 stack");
+ pr_crit("Attempted to pop empty X509 stack");
X509_free(cert);
meta = SLIST_FIRST(&stack->metas);
if (meta == NULL)
- return pr_crit("Attempted to pop empty metadata stack");
+ pr_crit("Attempted to pop empty metadata stack");
SLIST_REMOVE_HEAD(&stack->metas, next);
meta_destroy(meta);
-
- return 0;
}
+/**
+ * Contract: Returns either 0 or -ENOENT. No other outcomes.
+ */
int
deferstack_pop(struct cert_stack *stack, struct deferred_cert *result)
{
struct defer_node *node;
- int error;
again: node = SLIST_FIRST(&stack->defers);
if (node == NULL)
return -ENOENT;
if (node->type == DNT_SEPARATOR) {
- error = x509stack_pop(stack);
- if (error)
- return error;
+ x509stack_pop(stack);
SLIST_REMOVE_HEAD(&stack->defers, next);
defer_destroy(node);
x509stack_pop(stack);
defer_separator = SLIST_FIRST(&stack->defers);
- if (defer_separator == NULL) {
+ if (defer_separator == NULL)
pr_crit("Attempted to pop empty defer stack");
- return;
- }
SLIST_REMOVE_HEAD(&stack->defers, next);
defer_destroy(defer_separator);
}
tmp = fnstack_peek();
if (tmp == NULL)
- return pr_crit("The file name stack is empty.");
+ pr_crit("The file name stack is empty.");
result = strdup(tmp);
if (result == NULL)
struct rpki_uri *pp_crl;
if (refs->crldp == NULL)
- return pr_crit("Certificate's CRL Distribution Point was not recorded.");
+ pr_crit("Certificate's CRL Distribution Point was not recorded.");
pp_crl = rpp_get_crl(pp);
if (pp_crl == NULL)
- return pr_crit("Manifest's CRL was not recorded.");
+ pr_crit("Manifest's CRL was not recorded.");
if (strcmp(refs->crldp, uri_get_global(pp_crl)) != 0) {
return pr_err("Certificate's CRL Distribution Point ('%s') does not match manifest's CRL ('%s').",
struct rpki_uri *parent;
if (refs->caIssuers == NULL)
- return pr_crit("Certificate's AIA was not recorded.");
+ pr_crit("Certificate's AIA was not recorded.");
state = state_retrieve();
if (state == NULL)
return -EINVAL;
parent = x509stack_peek_uri(validation_certstack(state));
if (parent == NULL)
- return pr_crit("CA certificate has no parent.");
+ pr_crit("CA certificate has no parent.");
if (!uri_equals(refs->caIssuers, parent)) {
return pr_err("Certificate's AIA ('%s') does not match parent's URI ('%s').",
struct rpki_uri *signedObject_uri)
{
if (refs->signedObject == NULL)
- return pr_crit("Certificate's signedObject was not recorded.");
+ pr_crit("Certificate's signedObject was not recorded.");
if (!uri_equals(refs->signedObject, signedObject_uri)) {
return pr_err("Certificate's signedObject ('%s') does not match the URI of its own signed object (%s).",
if (error)
return error;
- if (refs->signedObject != NULL) {
- return pr_crit("CA summary has a signedObject ('%s').",
+ if (refs->signedObject != NULL)
+ pr_crit("CA summary has a signedObject ('%s').",
uri_get_printable(refs->signedObject));
- }
return 0;
}
}
}
-int
+void
close_thread(pthread_t thread, char const *what)
{
int error;
error = pthread_cancel(thread);
- if (error && error != ESRCH) {
+ if (error && error != ESRCH)
pr_crit("pthread_cancel() threw %d on the '%s' thread.",
error, what);
- return error;
- }
error = pthread_join(thread, NULL);
if (error)
pr_crit("pthread_join() threw %d on the '%s' thread.",
error, what);
-
- return error;
}
static int
void rwlock_unlock(pthread_rwlock_t *);
/** Also boilerplate. */
-int close_thread(pthread_t thread, char const *what);
+void close_thread(pthread_t thread, char const *what);
typedef int (*process_file_cb)(char const *, void *);
int process_file_or_dir(char const *, char const *, process_file_cb, void *);
}
pr_crit("Invalid sync strategy: '%u'", rpki_config.sync_strategy);
- /*
- * Return something usable anyway; don't want to check NULL.
- * This is supposed to be unreachable code anyway.
- */
- return &rpki_config.rsync.args.recursive;
}
void
return pr_errno(error, "Error while reading file");
if (feof(lfile->file))
return 0;
- return pr_crit("Supposedly unreachable code reached. ferror:%d feof:%d",
+ pr_crit("Supposedly unreachable code reached. ferror:%d feof:%d",
ferror(lfile->file), feof(lfile->file));
}
return -ENOMEM;
}
-int
+__dead void
pr_crit(const char *format, ...)
{
va_list args;
PR_SUFFIX(STDERR);
print_stack_trace();
- return -EINVAL;
+ exit(-1);
}
/**
return -EINVAL;
}
- return pr_crit("Unknown incidence action: %u", action);
+ pr_crit("Unknown incidence action: %u", action);
}
#ifndef SRC_LOG_H_
#define SRC_LOG_H_
+#include <sys/cdefs.h>
#include "incidence/incidence.h"
+/*
+ * __dead is supposed to be defined in sys/cdefs.h, but is apparently not
+ * portable.
+ */
+#ifndef __dead
+#if __GNUC__
+#define __dead __attribute__ ((noreturn))
+#else
+#define __dead
+#endif
+#endif
+
/*
* I know that the OpenBSD style guide says that we shouldn't declare our own
* error printing functions, but we kind of need to do it:
int pr_errno(int, const char *, ...) CHECK_FORMAT(2, 3);
int crypto_err(const char *, ...) CHECK_FORMAT(1, 2);
int pr_enomem(void);
-int pr_crit(const char *, ...) CHECK_FORMAT(1, 2);
+__dead void pr_crit(const char *, ...) CHECK_FORMAT(1, 2);
int incidence(enum incidence_id, const char *, ...) CHECK_FORMAT(2, 3);
tal = validation_tal(state);
if (tal == NULL)
- return pr_crit("Validation state has no TAL.");
+ pr_crit("Validation state has no TAL.");
/*
* We have a problem at this point:
/**
* Skip the "T" part of a TLV.
*/
-static int
+static void
skip_t(ANY_t *content, struct progress *p, unsigned int tag)
{
/*
* to be validated by this point.
*/
- if (content->buf[p->offset] != tag) {
- return pr_crit("Expected tag 0x%x, got 0x%x", tag,
+ if (content->buf[p->offset] != tag)
+ pr_crit("Expected tag 0x%x, got 0x%x", tag,
content->buf[p->offset]);
- }
if (p->remaining == 0)
- return pr_crit("Buffer seems to be truncated");
+ pr_crit("Buffer seems to be truncated");
p->offset++;
p->remaining--;
- return 0;
}
/**
* Skip the "TL" part of a TLV.
*/
-static int
+static void
skip_tl(ANY_t *content, struct progress *p, unsigned int tag)
{
ssize_t len_len; /* Length of the length field */
ber_tlv_len_t value_len; /* Length of the value */
- int error;
- error = skip_t(content, p, tag);
- if (error)
- return error;
+ skip_t(content, p, tag);
len_len = ber_fetch_length(true, &content->buf[p->offset], p->remaining,
&value_len);
if (len_len == -1)
- return pr_crit("Could not decipher length (Cause is unknown)");
+ pr_crit("Could not decipher length (Cause is unknown)");
if (len_len == 0)
- return pr_crit("Buffer seems to be truncated");
+ pr_crit("Buffer seems to be truncated");
p->offset += len_len;
p->remaining -= len_len;
- return 0;
}
-static int
+static void
skip_tlv(ANY_t *content, struct progress *p, unsigned int tag)
{
int is_constructed;
int skip;
- int error;
is_constructed = BER_TLV_CONSTRUCTED(&content->buf[p->offset]);
- error = skip_t(content, p, tag);
- if (error)
- return error;
+ skip_t(content, p, tag);
skip = ber_skip_length(NULL, is_constructed, &content->buf[p->offset],
p->remaining);
if (skip == -1)
- return pr_crit("Could not skip length (Cause is unknown)");
+ pr_crit("Could not skip length (Cause is unknown)");
if (skip == 0)
- return pr_crit("Buffer seems to be truncated");
+ pr_crit("Buffer seems to be truncated");
p->offset += skip;
p->remaining -= skip;
- return 0;
}
/**
ber_tlv_len_t size;
};
-static int
+static void
find_signedAttrs(ANY_t *signedData, struct encoded_signedAttrs *result)
{
#define INTEGER_TAG 0x02
#define SET_TAG 0x31
struct progress p;
- int error;
ssize_t len_len;
/* Reference: rfc5652-12.1.asn1 */
p.remaining = signedData->size;
/* SignedData: SEQUENCE */
- error = skip_tl(signedData, &p, SEQUENCE_TAG);
- if (error)
- return error;
+ skip_tl(signedData, &p, SEQUENCE_TAG);
/* SignedData.version: CMSVersion -> INTEGER */
- error = skip_tlv(signedData, &p, INTEGER_TAG);
- if (error)
- return error;
+ skip_tlv(signedData, &p, INTEGER_TAG);
/* SignedData.digestAlgorithms: DigestAlgorithmIdentifiers -> SET */
- error = skip_tlv(signedData, &p, SET_TAG);
- if (error)
- return error;
+ skip_tlv(signedData, &p, SET_TAG);
/* SignedData.encapContentInfo: EncapsulatedContentInfo -> SEQUENCE */
- error = skip_tlv(signedData, &p, SEQUENCE_TAG);
- if (error)
- return error;
+ skip_tlv(signedData, &p, SEQUENCE_TAG);
/* SignedData.certificates: CertificateSet -> SET */
- error = skip_tlv(signedData, &p, 0xA0);
- if (error)
- return error;
+ skip_tlv(signedData, &p, 0xA0);
/* SignedData.signerInfos: SignerInfos -> SET OF SEQUENCE */
- error = skip_tl(signedData, &p, SET_TAG);
- if (error)
- return error;
- error = skip_tl(signedData, &p, SEQUENCE_TAG);
- if (error)
- return error;
+ skip_tl(signedData, &p, SET_TAG);
+ skip_tl(signedData, &p, SEQUENCE_TAG);
/* SignedData.signerInfos.version: CMSVersion -> INTEGER */
- error = skip_tlv(signedData, &p, INTEGER_TAG);
- if (error)
- return error;
+ skip_tlv(signedData, &p, INTEGER_TAG);
/*
* SignedData.signerInfos.sid: SignerIdentifier -> CHOICE -> always
* subjectKeyIdentifier, which is a [0].
*/
- error = skip_tlv(signedData, &p, 0x80);
- if (error)
- return error;
+ skip_tlv(signedData, &p, 0x80);
/* SignedData.signerInfos.digestAlgorithm: DigestAlgorithmIdentifier
* -> AlgorithmIdentifier -> SEQUENCE */
- error = skip_tlv(signedData, &p, SEQUENCE_TAG);
- if (error)
- return error;
+ skip_tlv(signedData, &p, SEQUENCE_TAG);
/* SignedData.signerInfos.signedAttrs: SignedAttributes -> SET */
/* We will need to replace the tag 0xA0 with 0x31, so skip it as well */
- error = skip_t(signedData, &p, 0xA0);
- if (error)
- return error;
+ skip_t(signedData, &p, 0xA0);
result->buffer = &signedData->buf[p.offset];
len_len = ber_fetch_length(true, result->buffer,
p.remaining, &result->size);
if (len_len == -1)
- return pr_crit("Could not decipher length (Cause is unknown)");
+ pr_crit("Could not decipher length (Cause is unknown)");
if (len_len == 0)
- return pr_crit("Buffer seems to be truncated");
+ pr_crit("Buffer seems to be truncated");
result->size += len_len;
-
- return 0;
}
/*
* Second option it is.
*/
- error = find_signedAttrs(signedData, &signedAttrs);
- if (error)
- goto end;
+ find_signedAttrs(signedData, &signedAttrs);
error = EVP_DigestVerifyUpdate(ctx, &EXPLICIT_SET_OF_TAG,
sizeof(EXPLICIT_SET_OF_TAG));
"8360", "6484");
}
- return pr_crit("Unknown policy: %u", policy);
+ pr_crit("Unknown policy: %u", policy);
}
static bool
/* rfc6482#section-3.3 */
if (roa->ipAddrBlocks.list.array == NULL)
- return pr_crit("ipAddrBlocks array is NULL.");
+ pr_crit("ipAddrBlocks array is NULL.");
for (b = 0; b < roa->ipAddrBlocks.list.count; b++) {
block = roa->ipAddrBlocks.list.array[b];
goto fail; /* Reject the TAL. */
}
- error = pr_crit("Unknown public key state: %u",
+ pr_crit("Unknown public key state: %u",
validation_pubkey_state(state));
- goto fail;
}
/*
* From now on, the tree should be considered valid, even if subsequent
* certificates fail.
* (the root validated successfully; subtrees are isolated problems.)
- * Only critical errors should trigger negative result codes.
*/
/* Handle every other certificate. */
certstack = validation_certstack(state);
- if (certstack == NULL) {
- error = pr_crit("Validation state has no certificate stack");
- goto fail;
- }
+ if (certstack == NULL)
+ pr_crit("Validation state has no certificate stack");
do {
error = deferstack_pop(certstack, &deferred);
/* No more certificates left; we're done. */
error = 1;
goto end;
- }
- if (error) /* All other errors are critical, currently */
- goto fail;
+ } else if (error) /* All other errors are critical, currently */
+ pr_crit("deferstack_pop() returned illegal %d.", error);
/*
* Ignore result code; remaining certificates are unrelated,
parent = get_parent_resources();
if (parent == NULL)
- return pr_crit("Parent has no resources.");
+ pr_crit("Parent has no resources.");
switch (family) {
case AF_INET:
return 0;
}
- return pr_crit("Unknown address family '%d'", family);
+ pr_crit("Unknown address family '%d'", family);
}
static int
return add_prefix6(resources, addr);
}
- return pr_crit("Unknown address family '%d'", family);
+ pr_crit("Unknown address family '%d'", family);
}
static int
return add_range6(resources, range);
}
- return pr_crit("Unknown address family '%d'", family);
+ pr_crit("Unknown address family '%d'", family);
}
static int
parent = get_parent_resources();
if (parent == NULL)
- return pr_crit("Parent has no resources.");
+ pr_crit("Parent has no resources.");
if (resources->asns != NULL)
return pr_err("Certificate inherits ASN resources while also defining others of its own.");
case SYNC_STRICT:
return handle_strict_strategy(requested_uri, rsync_uri);
case SYNC_OFF:
- return pr_crit("Supposedly unreachable code reached.");
+ break;
}
- return pr_crit("Unknown sync strategy: %u", config_get_sync_strategy());
+ pr_crit("Invalid sync strategy: %u", config_get_sync_strategy());
}
static int
return deltas_v4_add(&deltas->v4.removes, &delta);
}
- return pr_crit("Unknown delta operation: %d", op);
+ pr_crit("Unknown delta operation: %d", op);
}
int
return deltas_v6_add(&deltas->v6.removes, &delta);
}
- return pr_crit("Unknown delta operation: %d", op);
+ pr_crit("Unknown delta operation: %d", op);
}
bool
return rtrhandler_handle_roa_v6(dst, vrp.asn, &prefix6,
vrp.max_prefix_length);
}
- return pr_crit("Unknown address family: %d", vrp.addr_fam);
+
+ pr_crit("Unknown address family: %d", vrp.addr_fam);
}
int
return deltas_add_roa_v6(deltas, roa->data.asn, &addr.v6, op);
}
- return pr_crit("Unknown address family: %d", roa->data.addr_fam);
+ pr_crit("Unknown address family: %d", roa->data.addr_fam);
}
/*
len = serialize_serial_notify_pdu(&pdu, data);
if (len != RTRPDU_SERIAL_NOTIFY_LEN)
- return pr_crit("Serialized Serial Notify is %zu bytes.", len);
+ pr_crit("Serialized Serial Notify is %zu bytes.", len);
return send_response(fd, data, len);
}
len = serialize_cache_reset_pdu(&pdu, data);
if (len != RTRPDU_CACHE_RESET_LEN)
- return pr_crit("Serialized Cache Reset is %zu bytes.", len);
+ pr_crit("Serialized Cache Reset is %zu bytes.", len);
return send_response(fd, data, len);
}
len = serialize_cache_response_pdu(&pdu, data);
if (len != RTRPDU_CACHE_RESPONSE_LEN)
- return pr_crit("Serialized Cache Response is %zu bytes.", len);
+ pr_crit("Serialized Cache Response is %zu bytes.", len);
return send_response(fd, data, len);
}
len = serialize_ipv4_prefix_pdu(&pdu, data);
if (len != RTRPDU_IPV4_PREFIX_LEN)
- return pr_crit("Serialized IPv4 Prefix is %zu bytes.", len);
+ pr_crit("Serialized IPv4 Prefix is %zu bytes.", len);
return send_response(fd, data, len);
}
len = serialize_ipv6_prefix_pdu(&pdu, data);
if (len != RTRPDU_IPV6_PREFIX_LEN)
- return pr_crit("Serialized IPv6 Prefix is %zu bytes.", len);
+ pr_crit("Serialized IPv6 Prefix is %zu bytes.", len);
return send_response(fd, data, len);
}
len = serialize_end_of_data_pdu(&pdu, data);
if (len != RTRPDU_END_OF_DATA_LEN)
- return pr_crit("Serialized End of Data is %zu bytes.", len);
+ pr_crit("Serialized End of Data is %zu bytes.", len);
error = send_response(fd, data, len);
if (error)
return pr_enomem();
len = serialize_error_report_pdu(&pdu, data);
- if (len != pdu.header.length) {
- error = pr_crit("Serialized Error Report PDU is %zu bytes, not the expected %u.",
+ if (len != pdu.header.length)
+ pr_crit("Serialized Error Report PDU is %zu bytes, not the expected %u.",
len, pdu.header.length);
- goto end;
- }
error = send_response(fd, data, len);
-end:
free(data);
return error;
}
return read_exact(fd, reader->buffer, size, allow_eof);
}
-static int
+__dead static void
insufficient_bytes(void)
{
pr_crit("Attempted to read past the end of a PDU Reader.");
- return -EPIPE;
}
int
read_int8(struct pdu_reader *reader, uint8_t *result)
{
if (reader->size < 1)
- return insufficient_bytes();
+ insufficient_bytes();
*result = reader->buffer[0];
reader->buffer++;
read_int16(struct pdu_reader *reader, uint16_t *result)
{
if (reader->size < 2)
- return insufficient_bytes();
+ insufficient_bytes();
*result = (((uint16_t)reader->buffer[0]) << 8)
| (((uint16_t)reader->buffer[1]) );
read_int32(struct pdu_reader *reader, uint32_t *result)
{
if (reader->size < 4)
- return insufficient_bytes();
+ insufficient_bytes();
*result = (((uint32_t)reader->buffer[0]) << 24)
| (((uint32_t)reader->buffer[1]) << 16)
read_bytes(struct pdu_reader *reader, unsigned char *result, size_t num)
{
if (reader->size < num)
- return insufficient_bytes();
+ insufficient_bytes();
memcpy(result, reader->buffer, num);
reader->buffer += num;
static int
join_thread(pthread_t tid, void *arg)
{
- return close_thread(tid, "Client");
+ close_thread(tid, "Client");
+ return 0;
}
/*
return rtrhandler_handle_roa_v6(table, vrp.asn, &prefix6,
vrp.max_prefix_length);
}
- return -pr_crit("Unkown addr family type");
+
+ pr_crit("Unkown addr family type: %u", vrp.addr_fam);
}
static int
return -EINTERSECTION;
}
- return pr_crit("Unknown comparison value: %u", cmp);
+ pr_crit("Unknown comparison value: %u", cmp);
}
int
}
pr_crit("Unknown comparison value: %u", cmp);
- return false;
}
return false;
void
updates_daemon_destroy(void)
{
- /* Not much to do with the error code. */
close_thread(thread, "Validation");
}
}
pr_crit("Unknown file name format: %u", format);
- return uri->global;
}
return -EINVAL;
handler = validation_get_validation_handler(state);
if (handler == NULL)
- return pr_crit("This thread lacks a validation handler.");
+ pr_crit("This thread lacks a validation handler.");
*result = handler;
return 0;
projects / thirdparty / FORT-validator.git / commitdiff
