Cleanup/simplify ssl_cert_type()

Remove the X509 argument as it is unused - this was passed so that
ssl_cert_type() can get the public key from the X509 object if the
EVP_PKEY argument is NULL, however this is never the case.

ok tb@

diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c
index 9894648..ad16d21 100644 (file)
--- a/lib/libssl/ssl_both.c
+++ b/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.40 2022/01/08 12:43:44 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.41 2022/02/03 16:33:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -522,32 +522,22 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
 }
 
 int
-ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+ssl_cert_type(EVP_PKEY *pkey)
 {
-       EVP_PKEY *pk;
-       int ret = -1, i;
-
        if (pkey == NULL)
-               pk = X509_get_pubkey(x);
-       else
-               pk = pkey;
-       if (pk == NULL)
-               goto err;
-
-       i = EVP_PKEY_id(pk);
-       if (i == EVP_PKEY_RSA) {
-               ret = SSL_PKEY_RSA;
-       } else if (i == EVP_PKEY_EC) {
-               ret = SSL_PKEY_ECC;
-       } else if (i == NID_id_GostR3410_2001 ||
-           i == NID_id_GostR3410_2001_cc) {
-               ret = SSL_PKEY_GOST01;
+               return -1;
+
+       switch (EVP_PKEY_id(pkey)) {
+       case EVP_PKEY_EC:
+               return SSL_PKEY_ECC;
+       case NID_id_GostR3410_2001:
+       case NID_id_GostR3410_2001_cc:
+               return SSL_PKEY_GOST01;
+       case EVP_PKEY_RSA:
+               return SSL_PKEY_RSA;
        }
 
- err:
-       if (!pkey)
-               EVP_PKEY_free(pk);
-       return (ret);
+       return -1;
 }
 
 int

diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index a402535..6d50ade 100644 (file)
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.139 2022/01/24 13:53:29 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1166,7 +1166,7 @@ ssl3_get_server_certificate(SSL *s)
                SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
                goto fatal_err;
        }
-       if ((cert_type = ssl_cert_type(x, pkey)) < 0) {
+       if ((cert_type = ssl_cert_type(pkey)) < 0) {
                x = NULL;
                al = SSL3_AL_FATAL;
                SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);

diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 546854b..ee64ec2 100644 (file)
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.383 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.384 2022/02/03 16:33:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1310,7 +1310,7 @@ SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd,
     const struct ssl_sigalg **sap);
 size_t ssl_dhe_params_auto_key_bits(SSL *s);
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
+int ssl_cert_type(EVP_PKEY *pkey);
 void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_has_ecc_ciphers(SSL *s);

diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 6b1010e..f5c90fc 100644 (file)
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.38 2022/01/08 12:43:44 jsing Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -171,7 +171,7 @@ ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey)
 {
        int i;
 
-       i = ssl_cert_type(NULL, pkey);
+       i = ssl_cert_type(pkey);
        if (i < 0) {
                SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
                return (0);
@@ -354,7 +354,7 @@ ssl_set_cert(SSL_CERT *c, X509 *x)
                return (0);
        }
 
-       i = ssl_cert_type(x, pkey);
+       i = ssl_cert_type(pkey);
        if (i < 0) {
                SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
                EVP_PKEY_free(pkey);

diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c
index 4b52f6c..11eb880 100644 (file)
--- a/lib/libssl/tls13_client.c
+++ b/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.93 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.94 2022/02/03 16:33:12 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -625,7 +625,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if (EVP_PKEY_missing_parameters(pkey))
                goto err;
-       if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
+       if ((cert_type = ssl_cert_type(pkey)) < 0)
                goto err;
 
        X509_up_ref(cert);

diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
index 10e4910..4ac84a8 100644 (file)
--- a/lib/libssl/tls13_server.c
+++ b/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.95 2022/01/11 19:03:15 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.96 2022/02/03 16:33:12 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -918,7 +918,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
                goto err;
        if (EVP_PKEY_missing_parameters(pkey))
                goto err;
-       if ((cert_type = ssl_cert_type(cert, pkey)) < 0)
+       if ((cert_type = ssl_cert_type(pkey)) < 0)
                goto err;
 
        X509_up_ref(cert);