Diffstat (limited to 'src/lib/libcrypto/x509/x509_req.c')
-rw-r--r--src/lib/libcrypto/x509/x509_req.c49
1 files changed, 21 insertions, 28 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 1c5cee8030..12725ed7e9 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -68,18 +68,17 @@
68#include <openssl/pem.h> 68#include <openssl/pem.h>
69 69
70X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) 70X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
71 { 71{
72 X509_REQ *ret; 72 X509_REQ *ret;
73 X509_REQ_INFO *ri; 73 X509_REQ_INFO *ri;
74 int i; 74 int i;
75 EVP_PKEY *pktmp; 75 EVP_PKEY *pktmp;
76 76
77 ret=X509_REQ_new(); 77 ret=X509_REQ_new();
78 if (ret == NULL) 78 if (ret == NULL) {
79 {
80 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); 79 X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
81 goto err; 80 goto err;
82 } 81 }
83 82
84 ri=ret->req_info; 83 ri=ret->req_info;
85 84
@@ -96,32 +95,30 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
96 EVP_PKEY_free(pktmp); 95 EVP_PKEY_free(pktmp);
97 if (!i) goto err; 96 if (!i) goto err;
98 97
99 if (pkey != NULL) 98 if (pkey != NULL) {
100 {
101 if (!X509_REQ_sign(ret,pkey,md)) 99 if (!X509_REQ_sign(ret,pkey,md))
102 goto err; 100 goto err;
103 } 101 }
104 return(ret); 102 return(ret);
105err: 103err:
106 X509_REQ_free(ret); 104 X509_REQ_free(ret);
107 return(NULL); 105 return(NULL);
108 } 106}
109 107
110EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) 108EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
111 { 109{
112 if ((req == NULL) || (req->req_info == NULL)) 110 if ((req == NULL) || (req->req_info == NULL))
113 return(NULL); 111 return(NULL);
114 return(X509_PUBKEY_get(req->req_info->pubkey)); 112 return(X509_PUBKEY_get(req->req_info->pubkey));
115 } 113}
116 114
117int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) 115int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
118 { 116{
119 EVP_PKEY *xk=NULL; 117 EVP_PKEY *xk=NULL;
120 int ok=0; 118 int ok=0;
121 119
122 xk=X509_REQ_get_pubkey(x); 120 xk=X509_REQ_get_pubkey(x);
123 switch (EVP_PKEY_cmp(xk, k)) 121 switch (EVP_PKEY_cmp(xk, k)) {
124 {
125 case 1: 122 case 1:
126 ok=1; 123 ok=1;
127 break; 124 break;
@@ -133,26 +130,24 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
133 break; 130 break;
134 case -2: 131 case -2:
135#ifndef OPENSSL_NO_EC 132#ifndef OPENSSL_NO_EC
136 if (k->type == EVP_PKEY_EC) 133 if (k->type == EVP_PKEY_EC) {
137 {
138 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); 134 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
139 break; 135 break;
140 } 136 }
141#endif 137#endif
142#ifndef OPENSSL_NO_DH 138#ifndef OPENSSL_NO_DH
143 if (k->type == EVP_PKEY_DH) 139 if (k->type == EVP_PKEY_DH) {
144 {
145 /* No idea */ 140 /* No idea */
146 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); 141 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
147 break; 142 break;
148 } 143 }
149#endif 144#endif
150 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); 145 X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
151 } 146 }
152 147
153 EVP_PKEY_free(xk); 148 EVP_PKEY_free(xk);
154 return(ok); 149 return(ok);
155 } 150}
156 151
157/* It seems several organisations had the same idea of including a list of 152/* It seems several organisations had the same idea of including a list of
158 * extensions in a certificate request. There are at least two OIDs that are 153 * extensions in a certificate request. There are at least two OIDs that are
@@ -184,7 +179,7 @@ void X509_REQ_set_extension_nids(int *nids)
184} 179}
185 180
186STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) 181STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
187 { 182{
188 X509_ATTRIBUTE *attr; 183 X509_ATTRIBUTE *attr;
189 ASN1_TYPE *ext = NULL; 184 ASN1_TYPE *ext = NULL;
190 int idx, *pnid; 185 int idx, *pnid;
@@ -192,8 +187,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
192 187
193 if ((req == NULL) || (req->req_info == NULL) || !ext_nids) 188 if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
194 return(NULL); 189 return(NULL);
195 for (pnid = ext_nids; *pnid != NID_undef; pnid++) 190 for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
196 {
197 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); 191 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
198 if (idx == -1) 192 if (idx == -1)
199 continue; 193 continue;
@@ -202,7 +196,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
202 else if(sk_ASN1_TYPE_num(attr->value.set)) 196 else if(sk_ASN1_TYPE_num(attr->value.set))
203 ext = sk_ASN1_TYPE_value(attr->value.set, 0); 197 ext = sk_ASN1_TYPE_value(attr->value.set, 0);
204 break; 198 break;
205 } 199 }
206 if(!ext || (ext->type != V_ASN1_SEQUENCE)) 200 if(!ext || (ext->type != V_ASN1_SEQUENCE))
207 return NULL; 201 return NULL;
208 p = ext->value.sequence->data; 202 p = ext->value.sequence->data;
@@ -235,11 +229,10 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
235 at = NULL; 229 at = NULL;
236 attr->single = 0; 230 attr->single = 0;
237 attr->object = OBJ_nid2obj(nid); 231 attr->object = OBJ_nid2obj(nid);
238 if (!req->req_info->attributes) 232 if (!req->req_info->attributes) {
239 {
240 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) 233 if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
241 goto err; 234 goto err;
242 } 235 }
243 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; 236 if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
244 return 1; 237 return 1;
245 err: 238 err: