diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2018-05-30 15:59:34 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2018-05-30 15:59:34 +0000 |
| commit | daabf6842582ab6388e311088a7a4ad4d4a25790 (patch) | |
| tree | b8ebfd4af522c4e5b5caafd5504437195bfd7611 /lib/libcrypto | |
| parent | a83ae1ef3a20d56bc7b186d26029748755da1811 (diff) | |
Add const to both arguments of X509_certificate_type() and clean up
a little:
Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free().
Check return value of the former in the appropriate place and simplify the
logic for dealing with the potentially NULL pkey argument (includes a neat
tweak from jsing). Finally, kill an ugly comment that has been rotting for
twenty years and merge the lines around it.
tested in a bulk build by sthen
ok jsing
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/x509/x509.h | 4 | ||||
| -rw-r--r-- | lib/libcrypto/x509/x509type.c | 23 |
2 files changed, 10 insertions, 17 deletions
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h index 29e00d7a5bb..ed6225997aa 100644 --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.68 2018/05/30 15:35:45 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.69 2018/05/30 15:59:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1002,7 +1002,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); EVP_PKEY * X509_get_pubkey(X509 *x); EVP_PKEY * X509_get0_pubkey(const X509 *x); ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); -int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); int X509_REQ_set_version(X509_REQ *x,long version); int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); diff --git a/lib/libcrypto/x509/x509type.c b/lib/libcrypto/x509/x509type.c index d0dcffb2905..315a5c2326f 100644 --- a/lib/libcrypto/x509/x509type.c +++ b/lib/libcrypto/x509/x509type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509type.c,v 1.12 2015/06/13 08:38:10 doug Exp $ */ +/* $OpenBSD: x509type.c,v 1.13 2018/05/30 15:59:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,27 +63,22 @@ #include <openssl/x509.h> int -X509_certificate_type(X509 *x, EVP_PKEY *pkey) +X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) { - EVP_PKEY *pk; + const EVP_PKEY *pk = pkey; int ret = 0, i; if (x == NULL) return (0); - if (pkey == NULL) - pk = X509_get_pubkey(x); - else - pk = pkey; - - if (pk == NULL) - return (0); + if (pk == NULL) { + if ((pk = X509_get0_pubkey(x)) == NULL) + return (0); + } switch (pk->type) { case EVP_PKEY_RSA: - ret = EVP_PK_RSA|EVP_PKT_SIGN; -/* if (!sign only extension) */ - ret |= EVP_PKT_ENC; + ret = EVP_PK_RSA|EVP_PKT_SIGN|EVP_PKT_ENC; break; case EVP_PKEY_DSA: ret = EVP_PK_DSA|EVP_PKT_SIGN; @@ -124,7 +119,5 @@ X509_certificate_type(X509 *x, EVP_PKEY *pkey) /* /8 because it's 1024 bits we look for, not bytes */ if (EVP_PKEY_size(pk) <= 1024 / 8) ret |= EVP_PKT_EXP; - if (pkey == NULL) - EVP_PKEY_free(pk); return (ret); } |