Generate errors when public/private key check is done.
authorBen Laurie <ben@openssl.org>
Sat, 20 Feb 1999 11:50:07 +0000 (11:50 +0000)
committerBen Laurie <ben@openssl.org>
Sat, 20 Feb 1999 11:50:07 +0000 (11:50 +0000)
CHANGES
crypto/x509/x509.err
crypto/x509/x509.h
crypto/x509/x509_cmp.c
crypto/x509/x509_err.c
crypto/x509v3/v3err.c
ssl/ssl.err
ssl/ssl.h
ssl/ssl_err.c

diff --git a/CHANGES b/CHANGES
index 2e47692..1891c53 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
   *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
      for some CRL extensions and new objects added.
      [Steve Henson]
index c81001a..49c1133 100644 (file)
@@ -9,6 +9,7 @@
 #define X509_F_X509V3_ADD_EXTENSION                     105
 #define X509_F_X509V3_PACK_STRING                       106
 #define X509_F_X509V3_UNPACK_STRING                     107
+#define X509_F_X509_CHECK_PRIVATE_KEY                   128
 #define X509_F_X509_EXTENSION_CREATE_BY_NID             108
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ             109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS               110
 
 /* Reason codes. */
 #define X509_R_BAD_X509_FILETYPE                        100
+#define X509_R_CANT_CHECK_DH_KEY                        114
 #define X509_R_CERT_ALREADY_IN_HASH_TABLE               101
 #define X509_R_ERR_ASN1_LIB                             102
 #define X509_R_INVALID_DIRECTORY                        113
+#define X509_R_KEY_TYPE_MISMATCH                        115
+#define X509_R_KEY_VALUES_MISMATCH                      116
 #define X509_R_LOADING_CERT_DIR                                 103
 #define X509_R_LOADING_DEFAULTS                                 104
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY             105
 #define X509_R_SHOULD_RETRY                             106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN       107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY           108
+#define X509_R_UNKNOWN_KEY_TYPE                                 117
 #define X509_R_UNKNOWN_NID                              109
 #define X509_R_UNKNOWN_STRING_TYPE                      110
 #define X509_R_UNSUPPORTED_ALGORITHM                    111
index 694689e..8c084db 100644 (file)
@@ -1152,6 +1152,7 @@ X509 *X509_find_by_subject();
 #define X509_F_X509V3_ADD_EXTENSION                     105
 #define X509_F_X509V3_PACK_STRING                       106
 #define X509_F_X509V3_UNPACK_STRING                     107
+#define X509_F_X509_CHECK_PRIVATE_KEY                   128
 #define X509_F_X509_EXTENSION_CREATE_BY_NID             108
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ             109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS               110
@@ -1175,15 +1176,19 @@ X509 *X509_find_by_subject();
 
 /* Reason codes. */
 #define X509_R_BAD_X509_FILETYPE                        100
+#define X509_R_CANT_CHECK_DH_KEY                        114
 #define X509_R_CERT_ALREADY_IN_HASH_TABLE               101
 #define X509_R_ERR_ASN1_LIB                             102
 #define X509_R_INVALID_DIRECTORY                        113
+#define X509_R_KEY_TYPE_MISMATCH                        115
+#define X509_R_KEY_VALUES_MISMATCH                      116
 #define X509_R_LOADING_CERT_DIR                                 103
 #define X509_R_LOADING_DEFAULTS                                 104
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY             105
 #define X509_R_SHOULD_RETRY                             106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN       107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY           108
+#define X509_R_UNKNOWN_KEY_TYPE                                 117
 #define X509_R_UNKNOWN_NID                              109
 #define X509_R_UNKNOWN_STRING_TYPE                      110
 #define X509_R_UNSUPPORTED_ALGORITHM                    111
index 039a9f4..7d85018 100644 (file)
@@ -271,27 +271,40 @@ EVP_PKEY *k;
        int ok=0;
 
        xk=X509_get_pubkey(x);
-       if (xk->type != k->type) goto err;
+       if (xk->type != k->type)
+           {
+           SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+           goto err;
+           }
        switch (k->type)
                {
 #ifndef NO_RSA
        case EVP_PKEY_RSA:
-               if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
-               if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+               if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+                   || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+                   {
+                   SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                   goto err;
+                   }
                break;
 #endif
 #ifndef NO_DSA
        case EVP_PKEY_DSA:
                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
-                       goto err;
+                   {
+                   SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                   goto err;
+                   }
                break;
 #endif
 #ifndef NO_DH
        case EVP_PKEY_DH:
                /* No idea */
+               SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
                goto err;
 #endif
        default:
+               SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
                goto err;
                }
 
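Review bot: All five new error calls in this hunk use `SSLerr(...)` with `X509_F_`/`X509_R_` codes, so the errors are filed under the SSL library and function 128 and reasons 114-117 would be looked up in the SSL string tables, not the X509 entries this commit adds in x509_err.c. They should use the X509 macro, e.g. `X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);`, otherwise a key/certificate mismatch is reported with an unrelated or missing message. Separately, the context line `xk=X509_get_pubkey(x);` is followed directly by `xk->type` with no NULL check, so a certificate whose public key cannot be decoded would presumably crash here instead of raising an error; a guard such as `if (xk == NULL || k == NULL) goto err;` (with its own reason code) before the type comparison would cover that. The function starts and continues outside the hunk, so what happens at the `err` label is not visible here.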
index 353b60d..6adf987 100644 (file)
@@ -71,6 +71,7 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0),    "X509V3_ADD_EXTENSION"},
 {ERR_PACK(0,X509_F_X509V3_PACK_STRING,0),      "X509v3_pack_string"},
 {ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0),    "X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0),  "X509_check_private_key"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),    "X509_EXTENSION_create_by_NID"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),    "X509_EXTENSION_create_by_OBJ"},
 {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),      "X509_get_pubkey_parameters"},
@@ -97,15 +98,19 @@ static ERR_STRING_DATA X509_str_functs[]=
 static ERR_STRING_DATA X509_str_reasons[]=
        {
 {X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
+{X509_R_CANT_CHECK_DH_KEY                ,"cant check dh key"},
 {X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
 {X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
 {X509_R_INVALID_DIRECTORY                ,"invalid directory"},
+{X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
 {X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
 {X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
 {X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
 {X509_R_SHOULD_RETRY                     ,"should retry"},
 {X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
 {X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE                 ,"unknown key type"},
 {X509_R_UNKNOWN_NID                      ,"unknown nid"},
 {X509_R_UNKNOWN_STRING_TYPE              ,"unknown string type"},
 {X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
index 633c530..cee230e 100644 (file)
@@ -64,7 +64,7 @@
 static ERR_STRING_DATA X509V3_str_functs[]=
        {
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
-{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),   "I2S_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),   "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),      "i2s_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),    "S2I_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
index 84256f9..9c8ce62 100644 (file)
@@ -68,7 +68,6 @@
 #define SSL_F_SSL_CLEAR                                         164
 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD           165
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
-#define SSL_F_SSL_CTX_ADD_COMPRESSION                   167
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
index 689122d..e6a1327 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1333,7 +1333,6 @@ void SSL_CTX_set_tmp_dh_callback();
 #define SSL_F_SSL_CLEAR                                         164
 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD           165
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
-#define SSL_F_SSL_CTX_ADD_COMPRESSION                   167
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
index 5f3d94d..cca0763 100644 (file)
@@ -130,7 +130,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_CLEAR,0),        "SSL_clear"},
 {ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0),  "SSL_COMP_add_compression_method"},
 {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),   "SSL_CREATE_CIPHER_LIST"},
-{ERR_PACK(0,SSL_F_SSL_CTX_ADD_COMPRESSION,0),  "SSL_CTX_ADD_COMPRESSION"},
 {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),        "SSL_CTX_check_private_key"},
 {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),      "SSL_CTX_new"},
 {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),  "SSL_CTX_set_ssl_version"},