summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/rpki-client/mft.c12
-rw-r--r--usr.sbin/rpki-client/roa.c4
2 files changed, 4 insertions, 12 deletions
diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index cf7ab80188a..bcf3217abdc 100644
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mft.c,v 1.66 2022/05/19 06:37:51 tb Exp $ */
+/* $OpenBSD: mft.c,v 1.67 2022/05/19 07:33:02 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -225,8 +225,6 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh)
struct mftfile *fent;
enum rtype type;
- /* First is the filename itself. */
-
if (!valid_mft_filename(fh->file->data, fh->file->length)) {
warnx("%s: RFC 6486 section 4.2.2: bad filename", p->fn);
goto out;
@@ -235,8 +233,6 @@ mft_parse_filehash(struct parse *p, const FileAndHash *fh)
if (fn == NULL)
err(1, NULL);
- /* Now hash value. */
-
if (fh->hash->length != SHA256_DIGEST_LENGTH) {
warnx("%s: RFC 6486 section 4.2.1: hash: "
"invalid SHA256 length, have %d",
@@ -282,7 +278,7 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- /* Parse the optional version field */
+ /* Validate the optional version field */
if (mft->version != NULL) {
mft_version = ASN1_INTEGER_get(mft->version);
if (mft_version < 0) {
@@ -318,8 +314,6 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
if (!mft_parse_time(mft->thisUpdate, mft->nextUpdate, p))
goto out;
- /* File list algorithm. */
-
if (OBJ_obj2nid(mft->fileHashAlg) != NID_sha256) {
warnx("%s: RFC 6486 section 4.2.1: fileHashAlg: "
"want SHA256 object, have %s (NID %d)", p->fn,
@@ -328,8 +322,6 @@ mft_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- /* Now the sequence. */
-
if (sk_FileAndHash_num(mft->fileList) > MAX_MANIFEST_ENTRIES) {
warnx("%s: %d exceeds manifest entry limit (%d)", p->fn,
sk_FileAndHash_num(mft->fileList), MAX_MANIFEST_ENTRIES);
diff --git a/usr.sbin/rpki-client/roa.c b/usr.sbin/rpki-client/roa.c
index 56360efd37d..d9cb84838cb 100644
--- a/usr.sbin/rpki-client/roa.c
+++ b/usr.sbin/rpki-client/roa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roa.c,v 1.43 2022/05/19 06:37:51 tb Exp $ */
+/* $OpenBSD: roa.c,v 1.44 2022/05/19 07:33:02 tb Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -119,7 +119,7 @@ roa_parse_econtent(const unsigned char *d, size_t dsz, struct parse *p)
goto out;
}
- /* Parse the optional version field */
+ /* Validate the optional version field */
if (roa->version != NULL) {
roa_version = ASN1_INTEGER_get(roa->version);
if (roa_version < 0) {