From: Dr. Stephen Henson
Date: Fri, 28 Apr 2006 12:27:37 +0000 (+0000)
Subject: Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and
X-Git-Tag: OpenSSL_0_9_8k^2~1356
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=b46343583c1172c6e0fcad3227cf50622aae7998
Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and handle unsupported key types.
---
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 1a1e61a64e..19644ab6e2 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -149,7 +149,7 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 return -1;
 if (a->ameth && a->ameth->param_cmp)
 return a->ameth->param_cmp(a, b);
- return -1;
+ return -2;
 }
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 0d6bc653b2..d04225a932 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -386,14 +386,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
- EVP_PKEY *xk=NULL;
- int ok=0;
+ EVP_PKEY *xk;
+ int ret;
 xk=X509_get_pubkey(x);
- switch (EVP_PKEY_cmp(xk, k))
+
+ if (xk)
+ ret = EVP_PKEY_cmp(xk, k);
+ else
+ ret = -2;
+
+ switch (ret)
 {
 case 1:
- ok=1;
 break;
 case 0:
 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
@@ -402,24 +407,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
 break;
 case -2:
-#ifndef OPENSSL_NO_EC
- if (k->type == EVP_PKEY_EC)
- {
- X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (k->type == EVP_PKEY_DH)
- {
- /* No idea */
- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
 }
-
- EVP_PKEY_free(xk);
- return(ok);
+ if (xk)
+ EVP_PKEY_free(xk);
+ if (ret > 0)
+ return 1;
+ return 0;
 }
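Review bot: The new `-2` result of EVP_PKEY_cmp_parameters() is not documented in the p_lib.c hunk, and the function now has two distinct negative results that a caller testing for truthiness (`if (EVP_PKEY_cmp_parameters(a, b))`) would both read as a match. A header comment would make the contract explicit, for example `/* returns 1: parameters match, 0: mismatch, -1: key types differ, -2: comparison not supported for this key type; callers must test == 1 */`. The meaning given for -1 is inferred from how X509_check_private_key() maps EVP_PKEY_cmp()'s results, since the guard that returns -1 is cut off at the top of the hunk. The function starts outside the hunk.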
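Review bot: In the first x509_cmp.c hunk, a NULL result from X509_get_pubkey(x) is folded into `ret = -2`, the same code as an unsupported key type, so the `case -2:` arm in the following hunk reports X509_R_UNKNOWN_KEY_TYPE for a certificate whose public key could not be extracted at all. Anyone triaging from the error queue cannot tell the two failures apart, so the `else` branch at least deserves a comment such as `/* no usable public key in x: reported below as unknown key type */`. The added NULL check covers only `xk`, while `k` is still passed to EVP_PKEY_cmp() unchecked, and whether that function tolerates a NULL key is not visible here. The function body continues past the end of this hunk.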
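Review bot: The closing `if (ret > 0) return 1;` in the second x509_cmp.c hunk accepts every positive value as a match, although the switch recognises only `case 1:` as success and has no `default:`. A result from EVP_PKEY_cmp() outside the four listed values is therefore either reported as a match or returns 0 with nothing on the error queue. For a check that decides whether a private key belongs to a certificate it is safer to fail closed, with `return ret == 1;` and a `default:` label next to `case -2:` so that any unlisted value queues X509_R_UNKNOWN_KEY_TYPE. The function begins outside this hunk.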