authorflorian <florian@openbsd.org>2019-06-14 19:55:08 +0000
committerflorian <florian@openbsd.org>2019-06-14 19:55:08 +0000
commit65a104fa3c32761ba99e1844f97bd476a44a3b35 (patch)
tree1c2ca5b883335f67597a62862d4abfe9e2a8dd78
parentnew regress: clock_gettime(2); test if CLOCK_MONOTONIC is really monotonic (diff)
Track key type (RSA or ECDSA) in an enum and clean up a bit while here.
Originally from Renaud Allard following input from benno, tweaked by me. OK benno
-rw-r--r--usr.sbin/acme-client/extern.h10
-rw-r--r--usr.sbin/acme-client/keyproc.c13
-rw-r--r--usr.sbin/acme-client/main.c10
-rw-r--r--usr.sbin/acme-client/parse.h23
-rw-r--r--usr.sbin/acme-client/parse.y16
5 files changed, 35 insertions, 37 deletions
diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
index 17c6aa54f18..d533466fbe6 100644
--- a/usr.sbin/acme-client/extern.h
+++ b/usr.sbin/acme-client/extern.h
@@ -1,4 +1,4 @@
-/* $Id: extern.h,v 1.13 2019/06/12 11:09:25 gilles Exp $ */
+/* $Id: extern.h,v 1.14 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -207,7 +207,8 @@ int revokeproc(int, const char *, const char *,
int, int, const char *const *, size_t);
int fileproc(int, const char *, const char *, const char *,
const char *);
-int keyproc(int, const char *, const char **, size_t);
+int keyproc(int, const char *, const char **, size_t,
+ enum keytype);
int netproc(int, int, int, int, int, int, int,
struct authority_c *, const char *const *,
size_t);
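Review bot: The new `enum keytype` parameter in the keyproc prototype is only well-formed if the enum definition (added to parse.h in this commit) is visible at this point of extern.h; if it is not, C gives `enum keytype` prototype scope as an incomplete type, the compiler warns that it "will not be visible outside of this definition or declaration", and a translation unit that includes parse.h after extern.h can hit a conflicting-types error on the real keyproc definition. The existing `struct authority_c *` in the netproc prototype just below suggests parse.h is already included ahead of these declarations, but that include is outside the hunk, so it is worth confirming rather than assuming. If it is not, the portable fix is `#include "parse.h"` near the top of extern.h rather than relying on an incomplete enum.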
@@ -276,11 +277,6 @@ char *json_fmt_signed(const char *, const char *, const char *);
int verbose;
/*
- * Should we switch to ecdsa?
- */
-int ecdsa;
-
-/*
* What component is the process within (COMP__MAX for none)?
*/
enum comp proccomp;
diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
index 9c392a0f3f6..cb0aca78608 100644
--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -1,4 +1,4 @@
-/* $Id: keyproc.c,v 1.13 2019/06/12 11:09:25 gilles Exp $ */
+/* $Id: keyproc.c,v 1.14 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -74,8 +74,8 @@ add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, const char *value)
* jail and, on success, ship it to "netsock" as an X509 request.
*/
int
-keyproc(int netsock, const char *keyfile,
- const char **alts, size_t altsz)
+keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
+ enum keytype keytype)
{
char *der64 = NULL, *der = NULL, *dercp;
char *sans = NULL, *san = NULL;
@@ -117,14 +117,17 @@ keyproc(int netsock, const char *keyfile,
}
if (newkey) {
- if (ecdsa) {
+ switch (keytype) {
+ case KT_ECDSA:
if ((pkey = ec_key_create(f, keyfile)) == NULL)
goto out;
dodbg("%s: generated ECDSA domain key", keyfile);
- } else {
+ break;
+ case KT_RSA:
if ((pkey = rsa_key_create(f, keyfile)) == NULL)
goto out;
dodbg("%s: generated RSA domain key", keyfile);
+ break;
}
} else {
if ((pkey = key_load(f, keyfile)) == NULL)
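Review bot: The new `switch (keytype)` has no `default:` case, so a value outside KT_RSA/KT_ECDSA leaves pkey NULL and control falls out of the switch into the rest of keyproc (which continues outside the hunk) with an unusable key instead of failing on the spot. Adding `default:` followed by `goto out;` closes that path, ideally preceded by a warning that names keyfile via the error reporting the file already uses so the misconfiguration shows up in the log rather than as a later crash. Note that an explicit default silences the compiler's missing-enum-value warning for this switch, so the trade-off is between that diagnostic and a defined failure path at runtime.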
diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c
index ea8f7c5d348..1a2c1749e49 100644
--- a/usr.sbin/acme-client/main.c
+++ b/usr.sbin/acme-client/main.c
@@ -1,4 +1,4 @@
-/* $Id: main.c,v 1.48 2019/06/12 11:09:25 gilles Exp $ */
+/* $Id: main.c,v 1.49 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@@ -49,7 +49,6 @@ main(int argc, char *argv[])
int popts = 0;
pid_t pids[COMP__MAX];
extern int verbose;
- extern int ecdsa;
extern enum comp proccomp;
size_t i, altsz, ne;
@@ -148,10 +147,6 @@ main(int argc, char *argv[])
errx(EXIT_FAILURE, "authority %s not found", auth);
}
- if (domain->keytype == 1) {
- ecdsa = 1;
- }
-
acctkey = authority->account;
if ((chngdir = domain->challengedir) == NULL)
@@ -258,7 +253,8 @@ main(int argc, char *argv[])
close(file_fds[0]);
close(file_fds[1]);
c = keyproc(key_fds[0], domain->key,
- (const char **)alts, altsz);
+ (const char **)alts, altsz,
+ domain->keytype);
exit(c ? EXIT_SUCCESS : EXIT_FAILURE);
}
diff --git a/usr.sbin/acme-client/parse.h b/usr.sbin/acme-client/parse.h
index 78405590568..95229a42441 100644
--- a/usr.sbin/acme-client/parse.h
+++ b/usr.sbin/acme-client/parse.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.h,v 1.11 2019/06/12 11:09:25 gilles Exp $ */
+/* $OpenBSD: parse.h,v 1.12 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org>
*
@@ -27,6 +27,11 @@
* limit all paths to PATH_MAX
*/
+enum keytype {
+ KT_RSA = 0,
+ KT_ECDSA
+};
+
struct authority_c {
TAILQ_ENTRY(authority_c) entry;
char *name;
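Review bot: `KT_RSA = 0` appears to be load-bearing rather than cosmetic: in this commit parse.y assigns domain->keytype only inside the `DOMAIN KEY ... keytype` action, so a domain block without a key line keeps whatever value the struct had after allocation, and zero is what makes a zero-initialized struct domain_c default to RSA (the allocation is not visible here, so this is inferred). A short comment above the enum would protect that invariant from a future reordering: `/* KT_RSA must stay 0: a zero-initialized struct domain_c defaults to RSA. */`. The same consideration applies to the struct domain_c hunk below, where the field changed type from int to the enum.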
@@ -36,16 +41,16 @@ struct authority_c {
struct domain_c {
TAILQ_ENTRY(domain_c) entry;
- TAILQ_HEAD(, altname_c) altname_list;
- int altname_count;
- int keytype;
- char *domain;
- char *key;
- char *cert;
+ TAILQ_HEAD(, altname_c) altname_list;
+ int altname_count;
+ enum keytype keytype;
+ char *domain;
+ char *key;
+ char *cert;
char *chain;
char *fullchain;
- char *auth;
- char *challengedir;
+ char *auth;
+ char *challengedir;
};
struct altname_c {
diff --git a/usr.sbin/acme-client/parse.y b/usr.sbin/acme-client/parse.y
index 994492706bb..f2531a180b5 100644
--- a/usr.sbin/acme-client/parse.y
+++ b/usr.sbin/acme-client/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.35 2019/06/12 11:09:25 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.36 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -100,7 +100,7 @@ typedef struct {
%}
%token AUTHORITY URL API ACCOUNT
-%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR KEYTYPE
+%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR
%token YES NO
%token INCLUDE
%token ERROR
@@ -108,6 +108,7 @@ typedef struct {
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.string> string
+%type <v.number> keytype
%%
@@ -260,13 +261,9 @@ domain : DOMAIN STRING {
}
;
-keytype : RSA {
- domain->keytype = 0;
- }
- | ECDSA {
- domain->keytype = 1;
- }
- | /* nothing */
+keytype : RSA { $$ = KT_RSA; }
+ | ECDSA { $$ = KT_ECDSA; }
+ | { $$ = KT_RSA; }
;
domainopts_l : domainopts_l domainoptsl nl
@@ -292,6 +289,7 @@ domainoptsl : ALTERNATIVE NAMES '{' altname_l '}'
YYERROR;
}
domain->key = s;
+ domain->keytype = $4;
}
| DOMAIN CERT STRING {
char *s;
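Review bot: `domain->keytype = $4;` stores the yacc semantic value into an `enum keytype` field with an implicit conversion; the nonterminal is declared `%type <v.number> keytype`, so $4 carries whatever integer type v.number has (not visible in this diff), and an explicit `domain->keytype = (enum keytype)$4;` both documents the intent and keeps `-Wconversion`-style builds quiet. The head of the enclosing rule is outside the hunk; from `domain->key = s;` and the use of $4 I infer this is the `DOMAIN KEY STRING keytype` production, so the position of $4 should be checked against the actual rule.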