Simplify code

OpenSC · Oct 5, 2023 · b3d101e · b3d101e
1 parent 50ec0af
commit b3d101e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 22 deletions.
diff --git a/src/libp11-int.h b/src/libp11-int.h
@@ -48,7 +48,7 @@ struct pkcs11_ctx_private {
 	CK_FUNCTION_LIST_PTR method;
 	void *handle;
 	char *init_args;
-	struct _CK_VERSION cryptoki_version;
+	CK_VERSION cryptoki_version;
 	UI_METHOD *ui_method; /* UI_METHOD for CKU_CONTEXT_SPECIFIC PINs */
 	void *ui_user_data;
 	unsigned int forkid;

diff --git a/src/p11_cert.c b/src/p11_cert.c
@@ -30,7 +30,6 @@ static int pkcs11_find_certs(PKCS11_SLOT_private *, PKCS11_TEMPLATE *, CK_SESSIO
 static int pkcs11_next_cert(PKCS11_CTX_private *, PKCS11_SLOT_private *, CK_SESSION_HANDLE);
 static int pkcs11_init_cert(PKCS11_SLOT_private *token, CK_SESSION_HANDLE session,
 	CK_OBJECT_HANDLE o, PKCS11_CERT **);
-static int is_version_ge(CK_VERSION version, CK_VERSION target);
 
 /*
  * Enumerate all certs matching with cert_template on the card
@@ -201,15 +200,14 @@ int pkcs11_store_certificate(PKCS11_SLOT_private *slot, X509 *x509, char *label,
 	CK_SESSION_HANDLE session;
 	CK_OBJECT_HANDLE object;
 	int rv, r = -1;
-	PKCS11_TEMPLATE tmpl = {0};
-	CK_OBJECT_CLASS class_certificate = CKO_CERTIFICATE;
-	CK_CERTIFICATE_TYPE certificate_x509 = CKC_X_509;
-
 	int signature_nid;
 	int evp_md_nid = NID_sha1;
 	const EVP_MD* evp_md;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	unsigned int md_len;
+	PKCS11_TEMPLATE tmpl = {0};
+	CK_OBJECT_CLASS class_certificate = CKO_CERTIFICATE;
+	CK_CERTIFICATE_TYPE certificate_x509 = CKC_X_509;
 	CK_MECHANISM_TYPE ckm_md;
 
 	/* First, make sure we have a session */
@@ -225,10 +223,12 @@ int pkcs11_store_certificate(PKCS11_SLOT_private *slot, X509 *x509, char *label,
 	pkcs11_addattr_obj(&tmpl, CKA_ISSUER,
 		(pkcs11_i2d_fn)i2d_X509_NAME, X509_get_issuer_name(x509));
 
-	/* CKA_NAME_HASH_ALGORITHM was added in Cryptoki 2.30; older
-	 * versions of PKCS#11 modules should not touch this attribute or
-	 * any other attributes related to it */
-	if (is_version_ge(ctx->cryptoki_version, (CK_VERSION){2, 30})) {
+	/* Get digest algorithm from x509 certificate */
+	/* CKA_NAME_HASH_ALGORITHM was added in Cryptoki 2.30;
+	 * older versions of PKCS#11 modules should not touch
+	 * this attribute or any other related attributes */
+	if (ctx->cryptoki_version.major > 2 ||
+		(ctx->cryptoki_version.major == 2 && ctx->cryptoki_version.minor >= 30)) {
 		/* Get digest algorithm from x509 certificate */
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L || ( defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x3050000fL )
 		signature_nid = X509_get_signature_nid(x509);
@@ -275,7 +275,7 @@ int pkcs11_store_certificate(PKCS11_SLOT_private *slot, X509 *x509, char *label,
 
 		/* Set hash algorithm; default is SHA-1 */
 		pkcs11_addattr_var(&tmpl, CKA_NAME_HASH_ALGORITHM, ckm_md);
-		if (X509_pubkey_digest(x509,evp_md,md,&md_len))
+		if (X509_pubkey_digest(x509, evp_md, md, &md_len))
 			pkcs11_addattr(&tmpl, CKA_HASH_OF_SUBJECT_PUBLIC_KEY, md, md_len);
 	}
 
@@ -301,15 +301,4 @@ int pkcs11_store_certificate(PKCS11_SLOT_private *slot, X509 *x509, char *label,
 	return r;
 }
 
-/**
- * Compare two CK_VERSION(s).
- *
- * Return 1 if version is greater or equal with the target version.
- * Return 0, otherwise.
- */
-int is_version_ge(CK_VERSION version, CK_VERSION target) {
-	return version.major > target.major ||
-		(version.major == target.major && version.minor >= target.minor);
-}
-
 /* vim: set noexpandtab: */