authorJoel Sing <jsing@cvs.openbsd.org>2022-02-03 16:33:13 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2022-02-03 16:33:13 +0000
commit3b56f13ac02b7de6a26ff1017b59182743dc13d3 (patch)
treea928bca0cb92d0424f83f167dc1eff84202e5fa6 /lib/libssl
parent5a2784fe64d68f6ae98d852fe169a999bfd8ea03 (diff)
Cleanup/simplify ssl_cert_type()
Remove the X509 argument as it is unused - this was passed so that ssl_cert_type() can get the public key from the X509 object if the EVP_PKEY argument is NULL, however this is never the case. ok tb@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/ssl_both.c36
-rw-r--r--lib/libssl/ssl_clnt.c4
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/ssl_rsa.c6
-rw-r--r--lib/libssl/tls13_client.c4
-rw-r--r--lib/libssl/tls13_server.c4
6 files changed, 24 insertions, 34 deletions
diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 9894648db85..ad16d2175b5 100644
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.40 2022/01/08 12:43:44 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.41 2022/02/03 16:33:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -522,32 +522,22 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
}
int
-ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+ssl_cert_type(EVP_PKEY *pkey)
{
- EVP_PKEY *pk;
- int ret = -1, i;
-
if (pkey == NULL)
- pk = X509_get_pubkey(x);
- else
- pk = pkey;
- if (pk == NULL)
- goto err;
-
- i = EVP_PKEY_id(pk);
- if (i == EVP_PKEY_RSA) {
- ret = SSL_PKEY_RSA;
- } else if (i == EVP_PKEY_EC) {
- ret = SSL_PKEY_ECC;
- } else if (i == NID_id_GostR3410_2001 ||
- i == NID_id_GostR3410_2001_cc) {
- ret = SSL_PKEY_GOST01;
+ return -1;
+
+ switch (EVP_PKEY_id(pkey)) {
+ case EVP_PKEY_EC:
+ return SSL_PKEY_ECC;
+ case NID_id_GostR3410_2001:
+ case NID_id_GostR3410_2001_cc:
+ return SSL_PKEY_GOST01;
+ case EVP_PKEY_RSA:
+ return SSL_PKEY_RSA;
}
- err:
- if (!pkey)
- EVP_PKEY_free(pk);
- return (ret);
+ return -1;
}
int
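Review bot: The rewritten ssl_cert_type() carries no comment stating its contract, even though -1 now covers both a NULL pkey and any key id outside the cases in the switch, and pkey stays owned by the caller. I would add above the definition `/* Map pkey to its SSL_PKEY_* type; returns -1 if pkey is NULL or the key type is unsupported. The caller keeps its reference to pkey. */`. Every call site touched by this commit tests the result with `< 0` before using it, which matters if the value later serves as an array index (not visible here, so worth confirming). As a style point, the switch relies on the trailing `return -1;` instead of a `default:` label; an explicit `default: return -1;` would make the unsupported-type path easier to see.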
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index a402535c7dc..6d50ade3987 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.139 2022/01/24 13:53:29 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1166,7 +1166,7 @@ ssl3_get_server_certificate(SSL *s)
SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
goto fatal_err;
}
- if ((cert_type = ssl_cert_type(x, pkey)) < 0) {
+ if ((cert_type = ssl_cert_type(pkey)) < 0) {
x = NULL;
al = SSL3_AL_FATAL;
SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 546854b4628..ee64ec208ef 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.383 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.384 2022/02/03 16:33:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1310,7 +1310,7 @@ SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd,
const struct ssl_sigalg **sap);
size_t ssl_dhe_params_auto_key_bits(SSL *s);
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
+int ssl_cert_type(EVP_PKEY *pkey);
void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher);
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
int ssl_has_ecc_ciphers(SSL *s);
diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 6b1010e4132..f5c90fca8b2 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.38 2022/01/08 12:43:44 jsing Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -171,7 +171,7 @@ ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey)
{
int i;
- i = ssl_cert_type(NULL, pkey);
+ i = ssl_cert_type(pkey);
if (i < 0) {
SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
return (0);
@@ -354,7 +354,7 @@ ssl_set_cert(SSL_CERT *c, X509 *x)
return (0);
}
- i = ssl_cert_type(x, pkey);
+ i = ssl_cert_type(pkey);
if (i < 0) {
SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
EVP_PKEY_free(pkey);
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 4b52f6cf627..11eb880a6ef 100644
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.93 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.94 2022/02/03 16:33:12 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -625,7 +625,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
goto err;
if (EVP_PKEY_missing_parameters(pkey))
goto err;
- if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
+ if ((cert_type = ssl_cert_type(pkey)) < 0)
goto err;
X509_up_ref(cert);
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 10e49104d44..4ac84a808c0 100644
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.95 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.96 2022/02/03 16:33:12 jsing Exp $ */
/*
* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -918,7 +918,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
goto err;
if (EVP_PKEY_missing_parameters(pkey))
goto err;
- if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
+ if ((cert_type = ssl_cert_type(pkey)) < 0)
goto err;
X509_up_ref(cert);