Add const to both arguments of X509_certificate_type() and clean up

a little: Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free(). Check return value of the former in the appropriate place and simplify the logic for dealing with the potentially NULL pkey argument (includes a neat tweak from jsing). Finally, kill an ugly comment that has been rotting for twenty years and merge the lines around it. tested in a bulk build by sthen ok jsing
author: tb <> 2018-05-30 15:59:33 +0000
committer: tb <> 2018-05-30 15:59:33 +0000
commit: 60382f7d19bb7b7087eb92001a800a712bcc4f4a (patch)
tree: 1da781cec26d49a1339bb21bf801177950d2a9e3
parent: ab8347d6b3d1d095f308d5d9bde3c6bc7e2a6db6 (diff)
download: openbsd-60382f7d19bb7b7087eb92001a800a712bcc4f4a.tar.gz
openbsd-60382f7d19bb7b7087eb92001a800a712bcc4f4a.tar.bz2
openbsd-60382f7d19bb7b7087eb92001a800a712bcc4f4a.zip
2 files changed, 10 insertions, 17 deletions
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 29e00d7a5b..ed6225997a 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.68 2018/05/30 15:35:45 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.69 2018/05/30 15:59:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1002,7 +1002,7 @@ int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *      X509_get_pubkey(X509 *x);
 EVP_PKEY *      X509_get0_pubkey(const X509 *x);
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int             X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
+int             X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
 int             X509_REQ_set_version(X509_REQ *x,long version);
 int             X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index d0dcffb290..315a5c2326 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509type.c,v 1.12 2015/06/13 08:38:10 doug Exp $ */
+/* $OpenBSD: x509type.c,v 1.13 2018/05/30 15:59:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -63,27 +63,22 @@
 #include <openssl/x509.h>
 int
-X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
 {
-        EVP_PKEY *pk;
+        const EVP_PKEY *pk = pkey;
        int ret = 0, i;
        if (x == NULL)
                return (0);
-        if (pkey == NULL)
+        if (pk == NULL) {
-                pk = X509_get_pubkey(x);
+                if ((pk = X509_get0_pubkey(x)) == NULL)
-        else
+                        return (0);
-                pk = pkey;
+        }
-        if (pk == NULL)
-                return (0);
        switch (pk->type) {
        case EVP_PKEY_RSA:
-                ret = EVP_PK_RSA|EVP_PKT_SIGN;
+                ret = EVP_PK_RSA|EVP_PKT_SIGN|EVP_PKT_ENC;
-/*              if (!sign only extension) */
-                ret |= EVP_PKT_ENC;
                break;
        case EVP_PKEY_DSA:
                ret = EVP_PK_DSA|EVP_PKT_SIGN;
@@ -124,7 +119,5 @@ X509_certificate_type(X509 *x, EVP_PKEY *pkey)
        /* /8 because it's 1024 bits we look for, not bytes */
        if (EVP_PKEY_size(pk) <= 1024 / 8)
                ret |= EVP_PKT_EXP;
-        if (pkey == NULL)
-                EVP_PKEY_free(pk);
        return (ret);
 }
author	tb <>	2018-05-30 15:59:33 +0000
committer	tb <>	2018-05-30 15:59:33 +0000
commit	60382f7d19bb7b7087eb92001a800a712bcc4f4a (patch)
tree	1da781cec26d49a1339bb21bf801177950d2a9e3
parent	ab8347d6b3d1d095f308d5d9bde3c6bc7e2a6db6 (diff)
download	openbsd-60382f7d19bb7b7087eb92001a800a712bcc4f4a.tar.gz openbsd-60382f7d19bb7b7087eb92001a800a712bcc4f4a.tar.bz2 openbsd-60382f7d19bb7b7087eb92001a800a712bcc4f4a.zip