author | tb <> | 2024-05-09 14:20:57 +0000 |
---|---|---|
committer | tb <> | 2024-05-09 14:20:57 +0000 |
commit | 3c613a01c3af9751e253c48c430ba1ad668fa6b2 (patch) | |
tree | 5dec512cb815406acdf03ff88810c657d5dd10c8 /src | |
parent | f2cb6d2279c2ba87b60ec55e26300f3ad60fb532 (diff) | |
Clean up X509_to_X509_REQ()
Use better variable names. X509_REQ_new() sets the version to the only
specified version, so there is no point to set it. Extract the subject
name, then assign to make it more obvious that an error happens if the
cert has a missing subject. Switch to X509_get0_pubkey() to avoid some
strange dance with a strangely named variable to adjust the refcount.
ok jsing
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/x509/x509_req.c | 39 |
1 files changed, 18 insertions, 21 deletions
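--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.37 2024/05/09 14:00:52 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.38 2024/05/09 14:20:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -75,41 +75,38 @@
 #include "x509_local.h"
 
 X509_REQ *
-X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+X509_to_X509_REQ(X509 *x509, EVP_PKEY *signing_key, const EVP_MD *signing_md)
 {
-X509_REQ *ret;
-int i;
-EVP_PKEY *pktmp;
+X509_REQ *req;
+X509_NAME *subject;
+EVP_PKEY *public_key;
 
-ret = X509_REQ_new();
-if (ret == NULL) {
+if ((req = X509_REQ_new()) == NULL) {
 X509error(ERR_R_MALLOC_FAILURE);
 goto err;
 }
 
-if (!X509_REQ_set_version(ret, 0))
+if ((subject = X509_get_subject_name(x509)) == NULL)
 goto err;
-
-if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+if (!X509_REQ_set_subject_name(req, subject))
 goto err;
 
-if ((pktmp = X509_get_pubkey(x)) == NULL)
+if ((public_key = X509_get0_pubkey(x509)) == NULL)
 goto err;
-
-i = X509_REQ_set_pubkey(ret, pktmp);
-EVP_PKEY_free(pktmp);
-if (!i)
+if (!X509_REQ_set_pubkey(req, public_key))
 goto err;
 
-if (pkey != NULL) {
-if (!X509_REQ_sign(ret, pkey, md))
+if (signing_key != NULL) {
+if (!X509_REQ_sign(req, signing_key, signing_md))
 goto err;
 }
-return (ret);
 
-err:
-X509_REQ_free(ret);
-return (NULL);
+return req;
+
+err:
+X509_REQ_free(req);
+
+return NULL;
 }
 LCRYPTO_ALIAS(X509_to_X509_REQ);
 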
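Review bot: Nothing in the new body of X509_to_X509_REQ() ties `signing_key` to the public key copied out of `x509`: the request receives the certificate's key through `X509_REQ_set_pubkey(req, public_key)` and is then signed with whatever key the caller passed, so a mismatched key produces a request whose self-signature cannot verify, and a NULL `signing_key` returns an unsigned request. The renamed parameters make this easier to see, but a short comment above the function stating the contract would help, e.g. `/* signing_key must be the private key for x509's public key; if NULL, the request is returned unsigned. */`. If rejecting a mismatch is acceptable for existing callers, a guard such as `if (signing_key != NULL && !X509_check_private_key(x509, signing_key)) goto err;` before the signing step would enforce it. Separately, the `subject == NULL` branch jumps to `err` without an `X509error()` call, so that failure appears to leave nothing on the error stack for the caller to report.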