From e7fd08e8b66721ccf5d42295648f7ceab59db864 Mon Sep 17 00:00:00 2001 From: jsing Date: Thu, 3 Feb 2022 16:33:12 +0000 Subject: [PATCH] Cleanup/simplify ssl_cert_type() Remove the X509 argument as it is unused - this was passed so that ssl_cert_type() can get the public key from the X509 object if the EVP_PKEY argument is NULL, however this is never the case. ok tb@ --- lib/libssl/ssl_both.c | 36 +++++++++++++----------------------- lib/libssl/ssl_clnt.c | 4 ++-- lib/libssl/ssl_locl.h | 4 ++-- lib/libssl/ssl_rsa.c | 6 +++--- lib/libssl/tls13_client.c | 4 ++-- lib/libssl/tls13_server.c | 4 ++-- 6 files changed, 24 insertions(+), 34 deletions(-) diff --git a/lib/libssl/ssl_both.c b/lib/libssl/ssl_both.c index 9894648db85..ad16d2175b5 100644 --- a/lib/libssl/ssl_both.c +++ b/lib/libssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.40 2022/01/08 12:43:44 jsing Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.41 2022/02/03 16:33:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -522,32 +522,22 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max) } int -ssl_cert_type(X509 *x, EVP_PKEY *pkey) +ssl_cert_type(EVP_PKEY *pkey) { - EVP_PKEY *pk; - int ret = -1, i; - if (pkey == NULL) - pk = X509_get_pubkey(x); - else - pk = pkey; - if (pk == NULL) - goto err; - - i = EVP_PKEY_id(pk); - if (i == EVP_PKEY_RSA) { - ret = SSL_PKEY_RSA; - } else if (i == EVP_PKEY_EC) { - ret = SSL_PKEY_ECC; - } else if (i == NID_id_GostR3410_2001 || - i == NID_id_GostR3410_2001_cc) { - ret = SSL_PKEY_GOST01; + return -1; + + switch (EVP_PKEY_id(pkey)) { + case EVP_PKEY_EC: + return SSL_PKEY_ECC; + case NID_id_GostR3410_2001: + case NID_id_GostR3410_2001_cc: + return SSL_PKEY_GOST01; + case EVP_PKEY_RSA: + return SSL_PKEY_RSA; } - err: - if (!pkey) - EVP_PKEY_free(pk); - return (ret); + return -1; } int diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index a402535c7dc..6d50ade3987 100644 --- a/lib/libssl/ssl_clnt.c 
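Review bot: The rewritten ssl_cert_type() in ssl_both.c has no comment stating its contract, and that contract is what every caller in this patch depends on: each one treats a negative result as "unknown certificate type" and rejects the key or certificate. I would add above the definition `/* Map a public key to its SSL_PKEY_* index; returns -1 if pkey is NULL or is not an RSA, EC or GOST R 34.10-2001 key. */`, so that a future key type added to the switch is a deliberate decision. What the callers do with a non-negative result is outside these hunks, but if it is used as an array index, as the SSL_PKEY_* names suggest, the comment should say so. Since the function now only reads the key, the parameter could also be `const EVP_PKEY *pkey` here and in the ssl_locl.h prototype, assuming EVP_PKEY_id() takes a const pointer in this tree.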
+++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.139 2022/01/24 13:53:29 tb Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.140 2022/02/03 16:33:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1166,7 +1166,7 @@ ssl3_get_server_certificate(SSL *s) SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); goto fatal_err; } - if ((cert_type = ssl_cert_type(x, pkey)) < 0) { + if ((cert_type = ssl_cert_type(pkey)) < 0) { x = NULL; al = SSL3_AL_FATAL; SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE); diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index 546854b4628..ee64ec208ef 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.383 2022/01/11 19:03:15 jsing Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.384 2022/02/03 16:33:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1310,7 +1310,7 @@ SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd, const struct ssl_sigalg **sap); size_t ssl_dhe_params_auto_key_bits(SSL *s); -int ssl_cert_type(X509 *x, EVP_PKEY *pkey); +int ssl_cert_type(EVP_PKEY *pkey); void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher); STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_has_ecc_ciphers(SSL *s); diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c index 6b1010e4132..f5c90fca8b2 100644 --- a/lib/libssl/ssl_rsa.c +++ b/lib/libssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.38 2022/01/08 12:43:44 jsing Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.39 2022/02/03 16:33:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -171,7 +171,7 @@ ssl_set_pkey(SSL_CERT *c, EVP_PKEY *pkey) { int i; - i = ssl_cert_type(NULL, pkey); + i = ssl_cert_type(pkey); if (i < 0) { SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); return (0); 
@@ -354,7 +354,7 @@ ssl_set_cert(SSL_CERT *c, X509 *x) return (0); } - i = ssl_cert_type(x, pkey); + i = ssl_cert_type(pkey); if (i < 0) { SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE); EVP_PKEY_free(pkey); diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 4b52f6cf627..11eb880a6ef 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.93 2022/01/11 19:03:15 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.94 2022/02/03 16:33:12 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -625,7 +625,7 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (EVP_PKEY_missing_parameters(pkey)) goto err; - if ((cert_type = ssl_cert_type(cert, pkey)) < 0) + if ((cert_type = ssl_cert_type(pkey)) < 0) goto err; X509_up_ref(cert); diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 10e49104d44..4ac84a808c0 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.95 2022/01/11 19:03:15 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.96 2022/02/03 16:33:12 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -918,7 +918,7 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs) goto err; if (EVP_PKEY_missing_parameters(pkey)) goto err; - if ((cert_type = ssl_cert_type(cert, pkey)) < 0) + if ((cert_type = ssl_cert_type(pkey)) < 0) goto err; X509_up_ref(cert); -- 2.20.1