gnutls_x509_*_get_signature_algorithm: simplified error handling

These functions were documented to return a negative error code
on failure, as well as GNUTLS_SIGN_UNKNOWN on unknown algorithms.
Simplify them by only returning GNUTLS_SIGN_UNKNOWN on all error
conditions.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

4 files changed, 22 insertions, 18 deletions

diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 928f6c05c9..2df830b2b3 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -368,18 +368,16 @@ gnutls_x509_crl_get_issuer_dn3(gnutls_x509_crl_t crl, gnutls_datum_t * dn, unsig
  * This function will return a value of the #gnutls_sign_algorithm_t
  * enumeration that is the signature algorithm.
  *
- * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
- *   negative error value.
+ * Since 3.6.0 this function never returns a negative error code.
+ * Error cases and unknown/unsupported signature algorithms are
+ * mapped to %GNUTLS_SIGN_UNKNOWN.
+ *
+ * Returns: a #gnutls_sign_algorithm_t value
  **/
 int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl)
 {
-	if (crl == NULL) {
-		gnutls_assert();
-		return GNUTLS_E_INVALID_REQUEST;
-	}
-
-	return _gnutls_x509_get_signature_algorithm(crl->crl,
-						    "signatureAlgorithm");
+	return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(crl->crl,
+						    "signatureAlgorithm"));
 }
 
 /**
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 0642d89f49..b0a4a9d531 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -169,15 +169,18 @@ gnutls_x509_crq_import(gnutls_x509_crq_t crq,
  * enumeration that is the signature algorithm that has been used to
  * sign this certificate request.
  *
- * Returns: a #gnutls_sign_algorithm_t value, or a negative error code on
- *   error.
+ * Since 3.6.0 this function never returns a negative error code.
+ * Error cases and unknown/unsupported signature algorithms are
+ * mapped to %GNUTLS_SIGN_UNKNOWN.
+ *
+ * Returns: a #gnutls_sign_algorithm_t value
  *
  * Since: 3.4.0
  **/
 int gnutls_x509_crq_get_signature_algorithm(gnutls_x509_crq_t crq)
 {
-	return _gnutls_x509_get_signature_algorithm(crq->crq,
-						    "signatureAlgorithm");
+	return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(crq->crq,
+						    "signatureAlgorithm"));
 }
 
 /**
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 6e89a20aec..641b3ac461 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -981,15 +981,16 @@ gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
  * enumeration that is the signature algorithm that has been used to
  * sign this certificate.
  *
- * Unknown/unsupported signature algorithms are mapped to %GNUTLS_SIGN_UNKNOWN.
+ * Since 3.6.0 this function never returns a negative error code.
+ * Error cases and unknown/unsupported signature algorithms are
+ * mapped to %GNUTLS_SIGN_UNKNOWN.
  *
- * Returns: a #gnutls_sign_algorithm_t value, or a negative error code on
- *   error.
+ * Returns: a #gnutls_sign_algorithm_t value
  **/
 int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert)
 {
-	return _gnutls_x509_get_signature_algorithm(cert->cert,
-						    "signatureAlgorithm");
+	return map_errs_to_zero(_gnutls_x509_get_signature_algorithm(cert->cert,
+						    "signatureAlgorithm"));
 }
 
 /**
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 6a7e5fcc96..9555f65c03 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -163,6 +163,8 @@ int _gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t issuer,
 				     const gnutls_x509_spki_st *key_params,
 				     gnutls_x509_spki_st *params);
 
+#define map_errs_to_zero(x) ((x)<0?0:(x))
+
 /* dn.c */
 #define OID_X520_COUNTRY_NAME		"2.5.4.6"
 #define OID_X520_ORGANIZATION_NAME	"2.5.4.10"