@@ -499,7 +499,9 @@ int64_t PortableTimeGM(struct tm* t) {
499499// ============================================================================
500500// SPKAC
501501
502- bool VerifySpkac (const char * input, size_t length) {
502+ namespace {
503+ bool VerifySpkacImpl (const char * input, size_t length) {
504+ ClearErrorOnReturn clearErrorOnReturn;
503505#ifdef OPENSSL_IS_BORINGSSL
504506 // OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
505507 // while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
@@ -517,9 +519,11 @@ bool VerifySpkac(const char* input, size_t length) {
517519 return pkey ? NETSCAPE_SPKI_verify (spki.get (), pkey.get ()) > 0 : false ;
518520}
519521
520- BIOPointer ExportPublicKey (const char * input, size_t length) {
521- BIOPointer bio (BIO_new (BIO_s_mem ()));
522- if (!bio) return {};
522+ BIOPointer ExportPublicKeyImpl (const char * input, size_t length) {
523+ ClearErrorOnReturn clearErrorOnReturn;
524+ auto bio = BIOPointer::NewMem ();
525+ if (!bio) [[unlikely]]
526+ return {};
523527
524528#ifdef OPENSSL_IS_BORINGSSL
525529 // OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
@@ -528,17 +532,21 @@ BIOPointer ExportPublicKey(const char* input, size_t length) {
528532 length = std::string_view (input, length).find_last_not_of (" \n\r\t " 1 ;
529533#endif
530534 NetscapeSPKIPointer spki (NETSCAPE_SPKI_b64_decode (input, length));
531- if (!spki) return {};
535+ if (!spki) [[unlikely]] {
536+ return {};
537+ }
532538
533539 EVPKeyPointer pkey (NETSCAPE_SPKI_get_pubkey (spki.get ()));
534- if (!pkey) return {};
535540
536- if (PEM_write_bio_PUBKEY (bio.get (), pkey.get ()) <= 0 ) return {};
541+ if (!pkey || PEM_write_bio_PUBKEY (bio.get (), pkey.get ()) <= 0 ) [[unlikely]] {
542+ return {};
543+ }
537544
538545 return bio;
539546}
540547
541- Buffer<char > ExportChallenge (const char * input, size_t length) {
548+ DataPointer ExportChallengeImpl (const char * input, size_t length) {
549+ ClearErrorOnReturn clearErrorOnReturn;
542550#ifdef OPENSSL_IS_BORINGSSL
543551 // OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
544552 // while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
@@ -551,14 +559,46 @@ Buffer<char> ExportChallenge(const char* input, size_t length) {
551559 unsigned char * buf = nullptr ;
552560 int buf_size = ASN1_STRING_to_UTF8 (&buf, sp->spkac ->challenge );
553561 if (buf_size >= 0 ) {
554- return {
562+ return DataPointer ( {
555563 .data = reinterpret_cast <char *>(buf),
556564 .len = static_cast <size_t >(buf_size),
557- };
565+ }) ;
558566 }
559567
560568 return {};
561569}
570+ } // namespace
571+
572+ bool VerifySpkac (const Buffer<const char >& input) {
573+ return VerifySpkacImpl (input.data , input.len );
574+ }
575+
576+ BIOPointer ExportPublicKey (const Buffer<const char >& input) {
577+ return ExportPublicKeyImpl (input.data , input.len );
578+ }
579+
580+ DataPointer ExportChallenge (const Buffer<const char >& input) {
581+ return ExportChallengeImpl (input.data , input.len );
582+ }
583+
584+ bool VerifySpkac (const char * input, size_t length) {
585+ return VerifySpkacImpl (input, length);
586+ }
587+
588+ BIOPointer ExportPublicKey (const char * input, size_t length) {
589+ return ExportPublicKeyImpl (input, length);
590+ }
591+
592+ Buffer<char > ExportChallenge (const char * input, size_t length) {
593+ if (auto dp = ExportChallengeImpl (input, length)) {
594+ auto released = dp.release ();
595+ return Buffer<char >{
596+ .data = static_cast <char *>(released.data ),
597+ .len = released.len ,
598+ };
599+ }
600+ return {};
601+ }
562602
563603// ============================================================================
564604namespace {
0 commit comments