From dc7f31f07aff8fa94ea886136f9a1dec1597de7d Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 9 May 2024 14:20:57 +0000 Subject: [PATCH] Clean up X509_to_X509_REQ() Use better variable names. X509_REQ_new() sets the version to the only specified version, so there is no point to set it. Extract the subject name, then assign to make it more obvious that we error happens if the cert has a missing subject. Switch to X509_get0_pubkey() to avoid some strange dance with a strangely named variable to adjust the refcount. ok jsing --- lib/libcrypto/x509/x509_req.c | 39 ++++++++++++++++------------------- 1 file changed, 18 insertions(+), 21 deletions(-)
diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index 4e30b04d25c..119e25b32b1 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.37 2024/05/09 14:00:52 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.38 2024/05/09 14:20:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -75,41 +75,38 @@
 #include "x509_local.h"
 X509_REQ *
-X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+X509_to_X509_REQ(X509 *x509, EVP_PKEY *signing_key, const EVP_MD *signing_md)
 {
- X509_REQ *ret;
- int i;
- EVP_PKEY *pktmp;
+ X509_REQ *req;
+ X509_NAME *subject;
+ EVP_PKEY *public_key;
- ret = X509_REQ_new();
- if (ret == NULL) {
+ if ((req = X509_REQ_new()) == NULL) {
 X509error(ERR_R_MALLOC_FAILURE);
 goto err;
 }
- if (!X509_REQ_set_version(ret, 0))
+ if ((subject = X509_get_subject_name(x509)) == NULL)
 goto err;
-
- if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+ if (!X509_REQ_set_subject_name(req, subject))
 goto err;
- if ((pktmp = X509_get_pubkey(x)) == NULL)
+ if ((public_key = X509_get0_pubkey(x509)) == NULL)
 goto err;
-
- i = X509_REQ_set_pubkey(ret, pktmp);
- EVP_PKEY_free(pktmp);
- if (!i)
+ if (!X509_REQ_set_pubkey(req, public_key))
 goto err;
- if (pkey != NULL) {
- if (!X509_REQ_sign(ret, pkey, md))
+ if (signing_key != NULL) {
+ if (!X509_REQ_sign(req, signing_key, signing_md))
 goto err;
 }
- return (ret);
-err:
- X509_REQ_free(ret);
- return (NULL);
+ return req;
+
+ err:
+ X509_REQ_free(req);
+
+ return NULL;
 }
 LCRYPTO_ALIAS(X509_to_X509_REQ);
-- 2.20.1
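Review bot: X509_to_X509_REQ() is rewritten in full here but still has no comment on its two non-obvious contracts: `public_key` is now a borrowed pointer from X509_get0_pubkey(), and the request is returned unsigned when `signing_key` is NULL. Above the X509_get0_pubkey() call I would add `/* Borrowed from x509, do not free; the old code released its own reference after X509_REQ_set_pubkey(). */` so that nobody reintroduces an EVP_PKEY_free() and turns it into a double free. A short header comment should also say that nothing in this function checks `signing_key` against the certificate's public key, so a mismatched key presumably only shows up when the request's signature is later verified. Separately, the new `subject == NULL` branch reaches `err` without an X509error() call, unlike the allocation failure just above it, so a caller may get NULL with nothing on the error queue.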