On Tue, Jan 18, 2022 at 05:20:45PM +0100, Theo Buehler wrote:
> On Tue, Jan 18, 2022 at 04:16:17PM +0100, Claudio Jeker wrote:
> > This diff cleans up cert.c a bit.
> >
> > It removes the X509 handle from cert_parse() and ta_parse(). Callers
> > should instead use cert->x509. No need to double the work on us here.
>
> I never understood the point of this handle and I know I chased it down
> several times since it confused me. Glad to see it go.
>
> > While there switch auth_insert() to a void function. This function can
> > not fail. Again the result is simpler code in parser.c
>
> To save anton some work: the signature change of *_parse() will need
> adjustments in regress. With those,
Will have a look.
> > - if ((opk = X509_get_pubkey(*xp)) == NULL)
> > + if ((opk = X509_get_pubkey(p->x509)) == NULL)
>
> You could switch this to X509_get0_pubkey() and get rid of the
> EVP_PKEY_free(opk) a few lines down.
>
Like this?
--
:wq Claudio
Index: cert.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v
retrieving revision 1.51
diff -u -p -r1.51 cert.c
--- cert.c 18 Jan 2022 16:36:49 -0000 1.51
+++ cert.c 18 Jan 2022 16:38:15 -0000
@@ -1168,7 +1168,7 @@ ta_parse(const char *fn, const unsigned
pk = d2i_PUBKEY(NULL, &pkey, pkeysz);
assert(pk != NULL);
- if ((opk = X509_get_pubkey(p->x509)) == NULL)
+ if ((opk = X509_get0_pubkey(p->x509)) == NULL)
cryptowarnx("%s: RFC 6487 (trust anchor): "
"missing pubkey", fn);
else if (EVP_PKEY_cmp(pk, opk) != 1)
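Review bot: the switch to X509_get0_pubkey() in this hunk changes the ownership of opk from a reference the caller must release to one borrowed from p->x509, so the hunk is only correct together with the removal of EVP_PKEY_free(opk) below; it also means opk must not be used after p->x509 is freed, which the visible lines respect since opk is only consumed by the EVP_PKEY_cmp() call immediately after. The NULL check and the "missing pubkey" warning stay valid, as X509_get0_pubkey() returns NULL in the same situations as X509_get_pubkey() did.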
@@ -1178,7 +1178,6 @@ ta_parse(const char *fn, const unsigned
rc = 1;
EVP_PKEY_free(pk);
- EVP_PKEY_free(opk);
}
if (rc == 0) {
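Review bot: dropping EVP_PKEY_free(opk) is the right counterpart to the get0 change above, but it is worth checking that no other exit path in ta_parse() (for example an early return or goto before this point) still frees opk, as that would now be a double free of memory owned by p->x509. The remaining EVP_PKEY_free(pk) is still needed, since pk comes from d2i_PUBKEY() and is owned by this function.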