Here's one that is not entirely trivial. This needs my previous diff
because of EVP_PKEY_size().
Instead of using the refcounting in X509_get_pubkey() and
EVP_PKEY_free(), use X509_get0_pubkey() and check its return value in
the proper place. Zap an ugly comment that lived for 20 years and
simplify a bit.
Index: lib/libcrypto/x509/x509.h
===================================================================
RCS file: /var/cvs/src/lib/libcrypto/x509/x509.h,v
retrieving revision 1.67
diff -u -p -r1.67 x509.h
--- lib/libcrypto/x509/x509.h 19 May 2018 10:58:08 -0000 1.67
+++ lib/libcrypto/x509/x509.h 30 May 2018 08:16:13 -0000
@@ -1002,7 +1002,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY
EVP_PKEY * X509_get_pubkey(X509 *x);
EVP_PKEY * X509_get0_pubkey(const X509 *x);
ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
int X509_REQ_set_version(X509_REQ *x,long version);
int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
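Review bot: The new prototype for X509_certificate_type drops the `/* optional */` annotation, which was the only place in this header telling callers that `pubkey` may be NULL. The implementation in x509type.c still accepts NULL and falls back to the key embedded in the certificate, so the contract has not changed and should stay visible. I would keep it in clearer form, for example `int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey /* may be NULL */);`, or as a one-line comment above the declaration.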
Index: lib/libcrypto/x509/x509type.c
===================================================================
RCS file: /var/cvs/src/lib/libcrypto/x509/x509type.c,v
retrieving revision 1.12
diff -u -p -r1.12 x509type.c
--- lib/libcrypto/x509/x509type.c 13 Jun 2015 08:38:10 -0000 1.12
+++ lib/libcrypto/x509/x509type.c 30 May 2018 08:16:13 -0000
@@ -63,27 +63,23 @@
#include <openssl/x509.h>
int
-X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
{
- EVP_PKEY *pk;
+ const EVP_PKEY *pk;
int ret = 0, i;
if (x == NULL)
return (0);
- if (pkey == NULL)
- pk = X509_get_pubkey(x);
- else
+ if (pkey == NULL) {
+ if ((pk = X509_get0_pubkey(x)) == NULL)
+ return (0);
+ } else
pk = pkey;
- if (pk == NULL)
- return (0);
-
switch (pk->type) {
case EVP_PKEY_RSA:
- ret = EVP_PK_RSA|EVP_PKT_SIGN;
-/* if (!sign only extension) */
- ret |= EVP_PKT_ENC;
+ ret = EVP_PK_RSA|EVP_PKT_SIGN|EVP_PKT_ENC;
break;
case EVP_PKEY_DSA:
ret = EVP_PK_DSA|EVP_PKT_SIGN;
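Review bot: The RSA case now sets `EVP_PKT_ENC` unconditionally in `ret = EVP_PK_RSA|EVP_PKT_SIGN|EVP_PKT_ENC;`, and the deleted `/* if (!sign only extension) */` comment was the only marker that the certificate's keyUsage is not consulted here. Behaviour is unchanged, but a caller that trusts this result would treat a signing-only RSA certificate as usable for encryption, and nothing in the visible lines warns about it. I would replace the old comment rather than drop it, for example `/* XXX: keyUsage is not checked; EVP_PKT_ENC is set even for sign-only certs */` above the assignment. The rest of the switch lies outside this hunk, so whether any later code looks at extensions cannot be confirmed from here.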
@@ -124,7 +120,5 @@ X509_certificate_type(X509 *x, EVP_PKEY
/* /8 because it's 1024 bits we look for, not bytes */
if (EVP_PKEY_size(pk) <= 1024 / 8)
ret |= EVP_PKT_EXP;
- if (pkey == NULL)
- EVP_PKEY_free(pk);
return (ret);
}