Remove -2 return value from X509*_get_*_by_NID. X509*_get_*_by_NID return -1 if the extension was not found, but -2 if the NID was invalid. Looking through callers, many check index != -1, rather than index < 0. That means, in theory, they'll do the wrong thing in some cases. Realistically, this case is impossible: most callers pass in a constant. Even in those that don't, NIDs are a local enum, not standard constants. That means hitting this path is almost certainly a programmer error. No need to complicate the calling convention for it. Update-Note: The return value convention of some functions was simplified. This is not expected to affect any callers. Change-Id: If2f5a45c37caccdbfcc3296ff2db6db1183e3a95 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48368 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index d3e78c3..e2a5121 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c
@@ -76,11 +76,7 @@ { const ASN1_OBJECT *obj = OBJ_nid2obj(nid); if (obj == NULL) { - /* TODO(davidben): Return -1 here. Callers often check the result - * against -1 without handling a theoretical -2 output. Reporting a - * different result should not be necessary because invalid NIDs are - * almost always a programmer error. */ - return -2; + return -1; } return X509at_get_attr_by_OBJ(x, obj, lastpos); }
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index d2a51c0..00d6399 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c
@@ -74,11 +74,7 @@ { const ASN1_OBJECT *obj = OBJ_nid2obj(nid); if (obj == NULL) { - /* TODO(davidben): Return -1 here. Callers often check the result - * against -1 without handling a theoretical -2 output. Reporting a - * different result should not be necessary because invalid NIDs are - * almost always a programmer error. */ - return -2; + return -1; } return X509v3_get_ext_by_OBJ(x, obj, lastpos); }