1 files changed, 17 insertions, 16 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 06d445f18c..3d19c9ee4f 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.39 2024/05/09 14:22:16 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.40 2024/05/09 14:27:21 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -129,42 +129,43 @@ X509_REQ_get0_pubkey(X509_REQ *req)
 LCRYPTO_ALIAS(X509_REQ_get0_pubkey);
 int
-X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+X509_REQ_check_private_key(X509_REQ *req, EVP_PKEY *pkey)
 {
-        EVP_PKEY *xk = NULL;
+        EVP_PKEY *req_pubkey = NULL;
-        int ok = 0;
+        int ret;
-        if ((xk = X509_REQ_get0_pubkey(x)) == NULL)
+        if ((req_pubkey = X509_REQ_get0_pubkey(req)) == NULL)
                return 0;
-        switch (EVP_PKEY_cmp(xk, k)) {
+        if ((ret = EVP_PKEY_cmp(req_pubkey, pkey)) == 1)
-        case 1:
+                return 1;
-                ok = 1;
-                break;
+        switch (ret) {
        case 0:
                X509error(X509_R_KEY_VALUES_MISMATCH);
-                break;
+                return 0;
        case -1:
                X509error(X509_R_KEY_TYPE_MISMATCH);
-                break;
+                return 0;
        case -2:
 #ifndef OPENSSL_NO_EC
-                if (k->type == EVP_PKEY_EC) {
+                if (pkey->type == EVP_PKEY_EC) {
                        X509error(ERR_R_EC_LIB);
-                        break;
+                        return 0;
                }
 #endif
 #ifndef OPENSSL_NO_DH
-                if (k->type == EVP_PKEY_DH) {
+                if (pkey->type == EVP_PKEY_DH) {
                        /* No idea */
                        X509error(X509_R_CANT_CHECK_DH_KEY);
-                        break;
+                        return 0;
                }
 #endif
                X509error(X509_R_UNKNOWN_KEY_TYPE);
+                return 0;
        }
-        return (ok);
+        return 0;
 }
 LCRYPTO_ALIAS(X509_REQ_check_private_key);

diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 06d445f18c..3d19c9ee4f 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_req.c,v 1.39 2024/05/09 14:22:16 tb Exp $ */	1	/* $OpenBSD: x509_req.c,v 1.40 2024/05/09 14:27:21 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -129,42 +129,43 @@ X509_REQ_get0_pubkey(X509_REQ *req)
129	LCRYPTO_ALIAS(X509_REQ_get0_pubkey);	129	LCRYPTO_ALIAS(X509_REQ_get0_pubkey);
130		130
131	int	131	int
132	X509_REQ_check_private_key(X509_REQ x, EVP_PKEY k)	132	X509_REQ_check_private_key(X509_REQ req, EVP_PKEY pkey)
133	{	133	{
134	EVP_PKEY *xk = NULL;	134	EVP_PKEY *req_pubkey = NULL;
135	int ok = 0;	135	int ret;
136		136
137	if ((xk = X509_REQ_get0_pubkey(x)) == NULL)	137	if ((req_pubkey = X509_REQ_get0_pubkey(req)) == NULL)
138	return 0;	138	return 0;
139		139
140	switch (EVP_PKEY_cmp(xk, k)) {	140	if ((ret = EVP_PKEY_cmp(req_pubkey, pkey)) == 1)
141	case 1:	141	return 1;
142	ok = 1;	142
143	break;	143	switch (ret) {
144	case 0:	144	case 0:
145	X509error(X509_R_KEY_VALUES_MISMATCH);	145	X509error(X509_R_KEY_VALUES_MISMATCH);
146	break;	146	return 0;
147	case -1:	147	case -1:
148	X509error(X509_R_KEY_TYPE_MISMATCH);	148	X509error(X509_R_KEY_TYPE_MISMATCH);
149	break;	149	return 0;
150	case -2:	150	case -2:
151	#ifndef OPENSSL_NO_EC	151	#ifndef OPENSSL_NO_EC
152	if (k->type == EVP_PKEY_EC) {	152	if (pkey->type == EVP_PKEY_EC) {
153	X509error(ERR_R_EC_LIB);	153	X509error(ERR_R_EC_LIB);
154	break;	154	return 0;
155	}	155	}
156	#endif	156	#endif
157	#ifndef OPENSSL_NO_DH	157	#ifndef OPENSSL_NO_DH
158	if (k->type == EVP_PKEY_DH) {	158	if (pkey->type == EVP_PKEY_DH) {
159	/* No idea */	159	/* No idea */
160	X509error(X509_R_CANT_CHECK_DH_KEY);	160	X509error(X509_R_CANT_CHECK_DH_KEY);
161	break;	161	return 0;
162	}	162	}
163	#endif	163	#endif
164	X509error(X509_R_UNKNOWN_KEY_TYPE);	164	X509error(X509_R_UNKNOWN_KEY_TYPE);
		165	return 0;
165	}	166	}
166		167
167	return (ok);	168	return 0;
168	}	169	}
169	LCRYPTO_ALIAS(X509_REQ_check_private_key);	170	LCRYPTO_ALIAS(X509_REQ_check_private_key);
170		171