Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and
authorDr. Stephen Henson <steve@openssl.org>
Fri, 28 Apr 2006 12:27:37 +0000 (12:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 28 Apr 2006 12:27:37 +0000 (12:27 +0000)
handle unsupported key types.

crypto/evp/p_lib.c
crypto/x509/x509_cmp.c

index 1a1e61a64e00425a6f6f83cb32b6dbb0ff4f8659..19644ab6e26922d42b28429e0514c64757ca004a 100644 (file)
@@ -149,7 +149,7 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
                return -1;
        if (a->ameth && a->ameth->param_cmp)
                return a->ameth->param_cmp(a, b);
-       return -1;
+       return -2;
        }
 
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
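Review bot: The new `return -2;` at the end of EVP_PKEY_cmp_parameters adds another negative result that nothing in the hunk documents, and both -1 and -2 are non-zero, so a caller that tests the result as a boolean would read "cannot compare" as a match. I would add a comment above the function along the lines of `/* Returns 1 on match, 0 on mismatch, -1 if the key types differ, -2 if the comparison is not supported. */`; the 0 and -1 meanings are inferred from the error codes X509_check_private_key maps them to, so confirm them against the body. Callers are outside this hunk, so whether any of them rely on a truthiness test or on the old -1 is unverified here. The function body starts above the hunk.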
index 0d6bc653b21b27de5054fb3fadefd0fa61da5ada..d04225a932d314f10c010a8313cbc3723a8b4b2a 100644 (file)
@@ -386,14 +386,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
        {
-       EVP_PKEY *xk=NULL;
-       int ok=0;
+       EVP_PKEY *xk;
+       int ret;
 
        xk=X509_get_pubkey(x);
-       switch (EVP_PKEY_cmp(xk, k))
+
+       if (xk)
+               ret = EVP_PKEY_cmp(xk, k);
+       else
+               ret = -2;
+
+       switch (ret)
                {
        case 1:
-               ok=1;
                break;
        case 0:
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
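Review bot: Setting `ret = -2` when `X509_get_pubkey(x)` returns NULL makes a certificate whose public key could not be extracted look like an unsupported key type, because the `case -2` branch in the following hunk raises X509_R_UNKNOWN_KEY_TYPE. Someone diagnosing a malformed or undecodable certificate would be pointed at the wrong cause. I would handle that failure on its own before the switch, for example `if (xk == NULL) return 0; /* public key could not be extracted; not a key-type problem */`, assuming X509_get_pubkey has already queued its own error. `k` is also passed to EVP_PKEY_cmp without a NULL check; whether that is safe depends on code outside this hunk. The function continues in the next hunk.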
@@ -402,24 +407,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
                break;
        case -2:
-#ifndef OPENSSL_NO_EC
-               if (k->type == EVP_PKEY_EC)
-                       {
-                       X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-                       break;
-                       }
-#endif
-#ifndef OPENSSL_NO_DH
-               if (k->type == EVP_PKEY_DH)
-                       {
-                       /* No idea */
-                       X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                       break;
-                       }
-#endif
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
                }
-
-       EVP_PKEY_free(xk);
-       return(ok);
+       if (xk)
+               EVP_PKEY_free(xk);
+       if (ret > 0)
+               return 1;
+       return 0;
        }
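Review bot: The final `if (ret > 0) return 1;` accepts any positive value as a match, while the switch above only recognises `case 1`, and the switch has no `default`. A comparison method that returned some other value would therefore either be reported as a matching key (ret > 1) or return 0 without queueing any error (ret < -2). For a check that decides whether a private key belongs to a certificate, the success test should be exact: `return ret == 1;`, with a `default:` label placed next to `case -2:` so unexpected values still raise an error. The `if (xk)` guard before `EVP_PKEY_free(xk)` is probably redundant if EVP_PKEY_free accepts NULL, which is worth confirming. The function starts in the previous hunk.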