Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/x509.err5
-rw-r--r--crypto/x509/x509.h5
-rw-r--r--crypto/x509/x509_cmp.c21
-rw-r--r--crypto/x509/x509_err.c5
4 files changed, 32 insertions, 4 deletions
diff --git a/crypto/x509/x509.err b/crypto/x509/x509.err
index c81001ae37..49c1133260 100644
--- a/crypto/x509/x509.err
+++ b/crypto/x509/x509.err
@@ -9,6 +9,7 @@
#define X509_F_X509V3_ADD_EXTENSION 105
#define X509_F_X509V3_PACK_STRING 106
#define X509_F_X509V3_UNPACK_STRING 107
+#define X509_F_X509_CHECK_PRIVATE_KEY 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
@@ -32,15 +33,19 @@
/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE 100
+#define X509_R_CANT_CHECK_DH_KEY 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
#define X509_R_ERR_ASN1_LIB 102
#define X509_R_INVALID_DIRECTORY 113
+#define X509_R_KEY_TYPE_MISMATCH 115
+#define X509_R_KEY_VALUES_MISMATCH 116
#define X509_R_LOADING_CERT_DIR 103
#define X509_R_LOADING_DEFAULTS 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
#define X509_R_SHOULD_RETRY 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+#define X509_R_UNKNOWN_KEY_TYPE 117
#define X509_R_UNKNOWN_NID 109
#define X509_R_UNKNOWN_STRING_TYPE 110
#define X509_R_UNSUPPORTED_ALGORITHM 111
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 694689e3ea..8c084db103 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1152,6 +1152,7 @@ X509 *X509_find_by_subject();
#define X509_F_X509V3_ADD_EXTENSION 105
#define X509_F_X509V3_PACK_STRING 106
#define X509_F_X509V3_UNPACK_STRING 107
+#define X509_F_X509_CHECK_PRIVATE_KEY 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
@@ -1175,15 +1176,19 @@ X509 *X509_find_by_subject();
/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE 100
+#define X509_R_CANT_CHECK_DH_KEY 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
#define X509_R_ERR_ASN1_LIB 102
#define X509_R_INVALID_DIRECTORY 113
+#define X509_R_KEY_TYPE_MISMATCH 115
+#define X509_R_KEY_VALUES_MISMATCH 116
#define X509_R_LOADING_CERT_DIR 103
#define X509_R_LOADING_DEFAULTS 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
#define X509_R_SHOULD_RETRY 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+#define X509_R_UNKNOWN_KEY_TYPE 117
#define X509_R_UNKNOWN_NID 109
#define X509_R_UNKNOWN_STRING_TYPE 110
#define X509_R_UNSUPPORTED_ALGORITHM 111
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 039a9f49f0..7d850184ca 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -271,27 +271,40 @@ EVP_PKEY *k;
int ok=0;
xk=X509_get_pubkey(x);
- if (xk->type != k->type) goto err;
+ if (xk->type != k->type)
+ {
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+ goto err;
+ }
switch (k->type)
{
#ifndef NO_RSA
case EVP_PKEY_RSA:
- if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
- if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+ if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+ || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+ {
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+ goto err;
+ }
break;
#endif
#ifndef NO_DSA
case EVP_PKEY_DSA:
if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
- goto err;
+ {
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+ goto err;
+ }
break;
#endif
#ifndef NO_DH
case EVP_PKEY_DH:
/* No idea */
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
goto err;
#endif
default:
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
goto err;
}
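Review bot: All five new error calls in this hunk use `SSLerr(...)` with X509_F_/X509_R_ codes, so the entries are queued under the SSL library and will not resolve against the X509 string tables this commit extends in x509_err.c. A caller debugging a certificate/key mismatch would therefore see an unrelated or missing reason text. Each call should use the X509 macro instead, e.g. `X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);`, and likewise for the other four reasons. Separately, the result of `xk=X509_get_pubkey(x);` is dereferenced on the next line with no NULL check, so a certificate whose public key cannot be extracted would fault here. A guard such as `if (xk == NULL || k == NULL) goto err;` before the type comparison would avoid that, assuming the `err` label tolerates a NULL `xk`; the function begins and ends outside the hunk, so that needs confirming.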
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 353b60dcc9..6adf987b04 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -71,6 +71,7 @@ static ERR_STRING_DATA X509_str_functs[]=
{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"},
{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"},
{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
@@ -97,15 +98,19 @@ static ERR_STRING_DATA X509_str_functs[]=
static ERR_STRING_DATA X509_str_reasons[]=
{
{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
+{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
{X509_R_INVALID_DIRECTORY ,"invalid directory"},
+{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
{X509_R_LOADING_DEFAULTS ,"loading defaults"},
{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
{X509_R_SHOULD_RETRY ,"should retry"},
{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
{X509_R_UNKNOWN_NID ,"unknown nid"},
{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"},
{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},