Diffstat (limited to 'crypto/x509/x509_req.c')
| -rw-r--r-- | crypto/x509/x509_req.c | 71 |
1 files changed, 41 insertions, 30 deletions
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index c2b8cb9f3e2d..5428bdaf4ca6 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -1,7 +1,7 @@
 /*
 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
@@ -26,9 +26,9 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 int i;
 EVP_PKEY *pktmp;
- ret = X509_REQ_new();
+ ret = X509_REQ_new_ex(x->libctx, x->propq);
 if (ret == NULL) {
- X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -85,33 +85,18 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 int ok = 0;
 xk = X509_REQ_get_pubkey(x);
- switch (EVP_PKEY_cmp(xk, k)) {
+ switch (EVP_PKEY_eq(xk, k)) {
 case 1:
 ok = 1;
 break;
 case 0:
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
- X509_R_KEY_VALUES_MISMATCH);
+ ERR_raise(ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH);
 break;
 case -1:
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+ ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH);
 break;
 case -2:
-#ifndef OPENSSL_NO_EC
- if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
- /* No idea */
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
- X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+ ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
 }
 EVP_PKEY_free(xk);
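Review bot: `X509_REQ_new_ex(x->libctx, x->propq)` dereferences `x` before anything in this hunk checks it, while later hunks of the same commit add `req == NULL` guards to the attribute setters. If a NULL certificate can reach `X509_to_X509_REQ`, the same guard belongs in front of the allocation: `if (x == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return NULL; }`. The function body starts before and continues after the hunk, so a check elsewhere in the function cannot be ruled out from these lines.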
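Review bot: `xk` from `X509_REQ_get_pubkey(x)` goes straight into `EVP_PKEY_eq(xk, k)` without a NULL check, so a request whose public key cannot be extracted is reported through whichever branch `EVP_PKEY_eq` picks for a NULL operand instead of as its own failure. An early `if (xk == NULL) return 0;` right after the lookup would keep that case apart from a genuine key mismatch. The `-2` branch now raises only `X509_R_UNKNOWN_KEY_TYPE` and the switch has no `default`, so a short comment such as `/* any other return value leaves ok == 0 */` would record that the check fails closed. The function starts and ends outside the hunk.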
@@ -131,6 +116,7 @@ static int *ext_nids = ext_nid_list;
 int X509_REQ_extension_nid(int req_nid)
 {
 int i, nid;
+
 for (i = 0;; i++) {
 nid = ext_nids[i];
 if (nid == NID_undef)
@@ -157,7 +143,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 int idx, *pnid;
 const unsigned char *p;
- if ((req == NULL) || !ext_nids)
+ if (req == NULL || !ext_nids)
 return NULL;
 for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
@@ -181,15 +167,15 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
 */
-
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
- int nid)
+int X509_REQ_add_extensions_nid(X509_REQ *req,
+ const STACK_OF(X509_EXTENSION) *exts, int nid)
 {
 int extlen;
 int rv = 0;
 unsigned char *ext = NULL;
+
 /* Generate encoding of extensions */
- extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
+ extlen = ASN1_item_i2d((const ASN1_VALUE *)exts, &ext,
 ASN1_ITEM_rptr(X509_EXTENSIONS));
 if (extlen <= 0)
 return 0;
@@ -199,7 +185,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
 }
 /* This is the normal usage: use the "official" OID */
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts)
 {
 return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
 }
@@ -229,8 +215,13 @@ X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
 {
- X509_ATTRIBUTE *attr = X509at_delete_attr(req->req_info.attributes, loc);
+ X509_ATTRIBUTE *attr;
+ if (req == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ attr = X509at_delete_attr(req->req_info.attributes, loc);
 if (attr != NULL)
 req->req_info.enc.modified = 1;
 return attr;
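Review bot: The new NULL guard in `X509_REQ_delete_attr` ends with `return 0;` although the function returns `X509_ATTRIBUTE *`; `return NULL;` states the intent and matches the `attr != NULL` test that follows. The guard covers only `req`: `req->req_info.attributes` is still handed to `X509at_delete_attr` unchecked, so that callee is assumed to tolerate a NULL or empty stack, which these lines do not show. The closing brace of the function is outside the hunk.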
@@ -238,6 +229,10 @@ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
 {
+ if (req == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
 if (!X509at_add1_attr(&req->req_info.attributes, attr))
 return 0;
 req->req_info.enc.modified = 1;
@@ -248,6 +243,10 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
 const ASN1_OBJECT *obj, int type,
 const unsigned char *bytes, int len)
 {
+ if (req == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
 if (!X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
 type, bytes, len))
 return 0;
@@ -259,6 +258,10 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req,
 int nid, int type,
 const unsigned char *bytes, int len)
 {
+ if (req == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
 if (!X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
 type, bytes, len))
 return 0;
@@ -270,6 +273,10 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
 const char *attrname, int type,
 const unsigned char *bytes, int len)
 {
+ if (req == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
 if (!X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
 type, bytes, len))
 return 0;
@@ -299,7 +306,7 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
 void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
 {
 if (req->signature)
- ASN1_BIT_STRING_free(req->signature);
+ ASN1_BIT_STRING_free(req->signature);
 req->signature = psig;
 }
@@ -315,6 +322,10 @@ int X509_REQ_get_signature_nid(const X509_REQ *req)
 int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
 {
+ if (req == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
 req->req_info.enc.modified = 1;
 return i2d_X509_REQ_INFO(&req->req_info, pp);
 }
|
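Review bot: On a NULL `req`, `i2d_re_X509_REQ_tbs` now returns `0`, but i2d-style encoders conventionally signal failure with a negative value, so a caller that tests the result with `< 0` would read this as a successful zero-length encoding of the to-be-signed data. Either return a negative value from the guard (`return -1;`) or say in the function's documentation that `0` is the error return for a NULL request, so callers compare with `<= 0`. How existing callers test the result is not visible in this hunk.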
