From cff692b35dc0ab18f9757fecda61a5395357450d Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 9 May 2024 14:27:21 +0000 Subject: [PATCH] Streamline X509_REQ_check_private_key() a bit Use better variable names, split the success from the error path and return directly rather than using an ok variable. ok jsing --- lib/libcrypto/x509/x509_req.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c index 06d445f18c5..3d19c9ee4f5 100644 --- a/lib/libcrypto/x509/x509_req.c +++ b/lib/libcrypto/x509/x509_req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_req.c,v 1.39 2024/05/09 14:22:16 tb Exp $ */ +/* $OpenBSD: x509_req.c,v 1.40 2024/05/09 14:27:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -129,42 +129,43 @@ X509_REQ_get0_pubkey(X509_REQ *req) LCRYPTO_ALIAS(X509_REQ_get0_pubkey); int -X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) +X509_REQ_check_private_key(X509_REQ *req, EVP_PKEY *pkey) { - EVP_PKEY *xk = NULL; - int ok = 0; + EVP_PKEY *req_pubkey = NULL; + int ret; - if ((xk = X509_REQ_get0_pubkey(x)) == NULL) + if ((req_pubkey = X509_REQ_get0_pubkey(req)) == NULL) return 0; - switch (EVP_PKEY_cmp(xk, k)) { - case 1: - ok = 1; - break; + if ((ret = EVP_PKEY_cmp(req_pubkey, pkey)) == 1) + return 1; + + switch (ret) { case 0: X509error(X509_R_KEY_VALUES_MISMATCH); - break; + return 0; case -1: X509error(X509_R_KEY_TYPE_MISMATCH); - break; + return 0; case -2: #ifndef OPENSSL_NO_EC - if (k->type == EVP_PKEY_EC) { + if (pkey->type == EVP_PKEY_EC) { X509error(ERR_R_EC_LIB); - break; + return 0; } #endif #ifndef OPENSSL_NO_DH - if (k->type == EVP_PKEY_DH) { + if (pkey->type == EVP_PKEY_DH) { /* No idea */ X509error(X509_R_CANT_CHECK_DH_KEY); - break; + return 0; } #endif X509error(X509_R_UNKNOWN_KEY_TYPE); + return 0; } - return (ok); + return 0; } LCRYPTO_ALIAS(X509_REQ_check_private_key); -- 2.20.1