Changes between 0.9.1c and 0.9.2
+ *) Generate errors when private/public key check is done.
+ [Ben Laurie]
+
*) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
for some CRL extensions and new objects added.
[Steve Henson]
#define X509_F_X509V3_ADD_EXTENSION 105
#define X509_F_X509V3_PACK_STRING 106
#define X509_F_X509V3_UNPACK_STRING 107
+#define X509_F_X509_CHECK_PRIVATE_KEY 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE 100
+#define X509_R_CANT_CHECK_DH_KEY 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
#define X509_R_ERR_ASN1_LIB 102
#define X509_R_INVALID_DIRECTORY 113
+#define X509_R_KEY_TYPE_MISMATCH 115
+#define X509_R_KEY_VALUES_MISMATCH 116
#define X509_R_LOADING_CERT_DIR 103
#define X509_R_LOADING_DEFAULTS 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
#define X509_R_SHOULD_RETRY 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+#define X509_R_UNKNOWN_KEY_TYPE 117
#define X509_R_UNKNOWN_NID 109
#define X509_R_UNKNOWN_STRING_TYPE 110
#define X509_R_UNSUPPORTED_ALGORITHM 111
#define X509_F_X509V3_ADD_EXTENSION 105
#define X509_F_X509V3_PACK_STRING 106
#define X509_F_X509V3_UNPACK_STRING 107
+#define X509_F_X509_CHECK_PRIVATE_KEY 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE 100
+#define X509_R_CANT_CHECK_DH_KEY 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
#define X509_R_ERR_ASN1_LIB 102
#define X509_R_INVALID_DIRECTORY 113
+#define X509_R_KEY_TYPE_MISMATCH 115
+#define X509_R_KEY_VALUES_MISMATCH 116
#define X509_R_LOADING_CERT_DIR 103
#define X509_R_LOADING_DEFAULTS 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
#define X509_R_SHOULD_RETRY 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+#define X509_R_UNKNOWN_KEY_TYPE 117
#define X509_R_UNKNOWN_NID 109
#define X509_R_UNKNOWN_STRING_TYPE 110
#define X509_R_UNSUPPORTED_ALGORITHM 111
int ok=0;
xk=X509_get_pubkey(x);
- if (xk->type != k->type) goto err;
+ if (xk->type != k->type)
+ {
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+ goto err;
+ }
switch (k->type)
{
#ifndef NO_RSA
case EVP_PKEY_RSA:
- if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
- if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+ if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+ || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+ {
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+ goto err;
+ }
break;
#endif
#ifndef NO_DSA
case EVP_PKEY_DSA:
if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
- goto err;
+ {
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+ goto err;
+ }
break;
#endif
#ifndef NO_DH
case EVP_PKEY_DH:
/* No idea */
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
goto err;
#endif
default:
+ SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
goto err;
}
{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"},
{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"},
{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
static ERR_STRING_DATA X509_str_reasons[]=
{
{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
+{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
{X509_R_INVALID_DIRECTORY ,"invalid directory"},
+{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
{X509_R_LOADING_DEFAULTS ,"loading defaults"},
{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
{X509_R_SHOULD_RETRY ,"should retry"},
{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
{X509_R_UNKNOWN_NID ,"unknown nid"},
{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"},
{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
static ERR_STRING_DATA X509V3_str_functs[]=
{
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "I2S_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
#define SSL_F_SSL_CLEAR 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
-#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_F_SSL_CLEAR 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
-#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
-{ERR_PACK(0,SSL_F_SSL_CTX_ADD_COMPRESSION,0), "SSL_CTX_ADD_COMPRESSION"},
{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
projects / openssl.git / commitdiff