On Tue, Jan 18, 2022 at 05:20:45PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote:
> > This diff cleans up cert.c a bit.
> >
> > It removes the X509 handle from cert_parse() and ta_parse(). Callers
> > should instead use cert->x509. No need to double the work on us here.
>
> I never understood the point of this handle and I know I chased it down
> several times since it confused me. Glad to see it go.
>
> > While there switch auth_insert() to a void function. This function can
> > not fail. Again the result is simpler code in parser.c
>
> To save anton some work: the signature change of *_parse() will need
> adjustments in regress. With those,

Will have a look. > > - if ((opk = X509_get_pubkey(*xp)) == NULL) > > + if ((opk = X509_get_pubkey(p->x509)) == NULL) > > You could switch this to X509_get0_pubkey() and get rid of the > EVP_PKEY_free(opk) a few lines down. > Like this? -- :wq Claudio Index: cert.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v retrieving revision 1.51 diff -u -p -r1.51 cert.c --- cert.c 18 Jan 2022 16:36:49 -0000 1.51 +++ cert.c 18 Jan 2022 16:38:15 -0000 @@ -1168,7 +1168,7 @@ ta_parse(const char *fn, const unsigned pk = d2i_PUBKEY(NULL, &pkey, pkeysz); assert(pk != NULL); - if ((opk = X509_get_pubkey(p->x509)) == NULL) + if ((opk = X509_get0_pubkey(p->x509)) == NULL) cryptowarnx("%s: RFC 6487 (trust anchor): " "missing pubkey", fn); else if (EVP_PKEY_cmp(pk, opk) != 1) @@ -1178,7 +1178,6 @@ ta_parse(const char *fn, const unsigned rc = 1; EVP_PKEY_free(pk); - EVP_PKEY_free(opk); } if (rc == 0) {
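
Review bot: in the first hunk (ta_parse, the X509_get0_pubkey() line), opk stops being a reference the function owns and becomes a pointer borrowed from p->x509, and nothing at the call site records that. A one-line comment there, for example "opk is owned by p->x509, do not free", would keep a later edit from re-adding EVP_PKEY_free(opk) or from using opk after the certificate has been freed.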
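
Review bot: in the second hunk, the removal of EVP_PKEY_free(opk) is only correct in combination with the get0 switch in the hunk before it, so the two must not be split or partially reverted: with X509_get0_pubkey() and the free still present the key held by p->x509 would be released underneath the certificate, and with X509_get_pubkey() and no free the reference would leak. The remaining EVP_PKEY_free(pk) is still required because pk comes from d2i_PUBKEY() and is owned here. Saying this in the commit message would help anyone bisecting or backporting.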