diff options
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509.err | 5 | ||||
-rw-r--r-- | crypto/x509/x509.h | 5 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 21 | ||||
-rw-r--r-- | crypto/x509/x509_err.c | 5 |
4 files changed, 32 insertions, 4 deletions
diff --git a/crypto/x509/x509.err b/crypto/x509/x509.err index c81001ae37..49c1133260 100644 --- a/crypto/x509/x509.err +++ b/crypto/x509/x509.err @@ -9,6 +9,7 @@ #define X509_F_X509V3_ADD_EXTENSION 105 #define X509_F_X509V3_PACK_STRING 106 #define X509_F_X509V3_UNPACK_STRING 107 +#define X509_F_X509_CHECK_PRIVATE_KEY 128 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 @@ -32,15 +33,19 @@ /* Reason codes. */ #define X509_R_BAD_X509_FILETYPE 100 +#define X509_R_CANT_CHECK_DH_KEY 114 #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 #define X509_R_ERR_ASN1_LIB 102 #define X509_R_INVALID_DIRECTORY 113 +#define X509_R_KEY_TYPE_MISMATCH 115 +#define X509_R_KEY_VALUES_MISMATCH 116 #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_SHOULD_RETRY 106 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +#define X509_R_UNKNOWN_KEY_TYPE 117 #define X509_R_UNKNOWN_NID 109 #define X509_R_UNKNOWN_STRING_TYPE 110 #define X509_R_UNSUPPORTED_ALGORITHM 111 diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 694689e3ea..8c084db103 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -1152,6 +1152,7 @@ X509 *X509_find_by_subject(); #define X509_F_X509V3_ADD_EXTENSION 105 #define X509_F_X509V3_PACK_STRING 106 #define X509_F_X509V3_UNPACK_STRING 107 +#define X509_F_X509_CHECK_PRIVATE_KEY 128 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 @@ -1175,15 +1176,19 @@ X509 *X509_find_by_subject(); /* Reason codes. */ #define X509_R_BAD_X509_FILETYPE 100 +#define X509_R_CANT_CHECK_DH_KEY 114 #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 #define X509_R_ERR_ASN1_LIB 102 #define X509_R_INVALID_DIRECTORY 113 +#define X509_R_KEY_TYPE_MISMATCH 115 +#define X509_R_KEY_VALUES_MISMATCH 116 #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 #define X509_R_SHOULD_RETRY 106 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +#define X509_R_UNKNOWN_KEY_TYPE 117 #define X509_R_UNKNOWN_NID 109 #define X509_R_UNKNOWN_STRING_TYPE 110 #define X509_R_UNSUPPORTED_ALGORITHM 111 diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 039a9f49f0..7d850184ca 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -271,27 +271,40 @@ EVP_PKEY *k; int ok=0; xk=X509_get_pubkey(x); - if (xk->type != k->type) goto err; + if (xk->type != k->type) + { + SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); + goto err; + } switch (k->type) { #ifndef NO_RSA case EVP_PKEY_RSA: - if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err; - if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err; + if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 + || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) + { + SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + goto err; + } break; #endif #ifndef NO_DSA case EVP_PKEY_DSA: if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) - goto err; + { + SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); + goto err; + } break; #endif #ifndef NO_DH case EVP_PKEY_DH: /* No idea */ + SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); goto err; #endif default: + SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); goto err; } diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 353b60dcc9..6adf987b04 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -71,6 +71,7 @@ static ERR_STRING_DATA X509_str_functs[]= {ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"}, {ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"}, {ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"}, +{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, @@ -97,15 +98,19 @@ static ERR_STRING_DATA X509_str_functs[]= static ERR_STRING_DATA X509_str_reasons[]= { {X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, +{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, {X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, {X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, {X509_R_INVALID_DIRECTORY ,"invalid directory"}, +{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, +{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, {X509_R_LOADING_CERT_DIR ,"loading cert dir"}, {X509_R_LOADING_DEFAULTS ,"loading defaults"}, {X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, {X509_R_SHOULD_RETRY ,"should retry"}, {X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, {X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, +{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, {X509_R_UNKNOWN_NID ,"unknown nid"}, {X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"}, {X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, |