Commit 4004dbb7 authored by Ben Laurie

Generate errors when public/private key check is done.

parent c74f1eb9
+3 −0
@@ -5,6 +5,9 @@

 Changes between 0.9.1c and 0.9.2

  *) Generate errors when private/public key check is done.
     [Ben Laurie]

  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
     for some CRL extensions and new objects added.
     [Steve Henson]
+5 −0
@@ -9,6 +9,7 @@
#define X509_F_X509V3_ADD_EXTENSION			 105
#define X509_F_X509V3_PACK_STRING			 106
#define X509_F_X509V3_UNPACK_STRING			 107
#define X509_F_X509_CHECK_PRIVATE_KEY			 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
@@ -32,15 +33,19 @@

/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE			 100
#define X509_R_CANT_CHECK_DH_KEY			 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
#define X509_R_ERR_ASN1_LIB				 102
#define X509_R_INVALID_DIRECTORY			 113
#define X509_R_KEY_TYPE_MISMATCH			 115
#define X509_R_KEY_VALUES_MISMATCH			 116
#define X509_R_LOADING_CERT_DIR				 103
#define X509_R_LOADING_DEFAULTS				 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
#define X509_R_SHOULD_RETRY				 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
#define X509_R_UNKNOWN_KEY_TYPE				 117
#define X509_R_UNKNOWN_NID				 109
#define X509_R_UNKNOWN_STRING_TYPE			 110
#define X509_R_UNSUPPORTED_ALGORITHM			 111
+5 −0
@@ -1152,6 +1152,7 @@ X509 *X509_find_by_subject();
#define X509_F_X509V3_ADD_EXTENSION			 105
#define X509_F_X509V3_PACK_STRING			 106
#define X509_F_X509V3_UNPACK_STRING			 107
#define X509_F_X509_CHECK_PRIVATE_KEY			 128
#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
@@ -1175,15 +1176,19 @@ X509 *X509_find_by_subject();

/* Reason codes. */
#define X509_R_BAD_X509_FILETYPE			 100
#define X509_R_CANT_CHECK_DH_KEY			 114
#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
#define X509_R_ERR_ASN1_LIB				 102
#define X509_R_INVALID_DIRECTORY			 113
#define X509_R_KEY_TYPE_MISMATCH			 115
#define X509_R_KEY_VALUES_MISMATCH			 116
#define X509_R_LOADING_CERT_DIR				 103
#define X509_R_LOADING_DEFAULTS				 104
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
#define X509_R_SHOULD_RETRY				 106
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
#define X509_R_UNKNOWN_KEY_TYPE				 117
#define X509_R_UNKNOWN_NID				 109
#define X509_R_UNKNOWN_STRING_TYPE			 110
#define X509_R_UNSUPPORTED_ALGORITHM			 111
+17 −4
@@ -271,27 +271,40 @@ EVP_PKEY *k;
	int ok=0;

	xk=X509_get_pubkey(x);
	if (xk->type != k->type) goto err;
	if (xk->type != k->type)
	    {
	    SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
	    goto err;
	    }
	switch (k->type)
		{
#ifndef NO_RSA
	case EVP_PKEY_RSA:
		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
		if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
		    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
		    {
		    SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
		    goto err;
		    }
		break;
#endif
#ifndef NO_DSA
	case EVP_PKEY_DSA:
		if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
		    {
		    SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
		    goto err;
		    }
		break;
#endif
#ifndef NO_DH
	case EVP_PKEY_DH:
		/* No idea */
	        SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
		goto err;
#endif
	default:
	        SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
		goto err;
		}

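Review bot: `xk=X509_get_pubkey(x);` at the top of the hunk is dereferenced on the very next line (`xk->type`) without a NULL check, so a certificate whose SubjectPublicKeyInfo cannot be decoded crashes the check instead of reporting an error; add `if (xk == NULL) { SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); goto err; }` before the type comparison (that reason code already exists in the tables this commit extends). Separately, every new error in this hunk is raised with `SSLerr`, which — if it packs ERR_LIB_SSL as it does elsewhere in the tree — attributes the failure to the SSL library, so the reason strings this commit adds to X509_str_reasons will never be looked up for them; `X509err` is the matching macro for this file. A one-line comment above the `switch`, such as `/* Only the public components of k are compared against the certificate; the private components are not validated here. */`, would also document the scope of the check for callers. X509_check_private_key begins and ends outside the hunk, so the `err:` handling of `xk` and `ok` could not be reviewed.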
+5 −0
@@ -71,6 +71,7 @@ static ERR_STRING_DATA X509_str_functs[]=
{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0),	"X509V3_ADD_EXTENSION"},
{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0),	"X509v3_pack_string"},
{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0),	"X509v3_unpack_string"},
{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0),	"X509_check_private_key"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),	"X509_EXTENSION_create_by_NID"},
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),	"X509_EXTENSION_create_by_OBJ"},
{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),	"X509_get_pubkey_parameters"},
@@ -97,15 +98,19 @@ static ERR_STRING_DATA X509_str_functs[]=
static ERR_STRING_DATA X509_str_reasons[]=
	{
{X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
{X509_R_CANT_CHECK_DH_KEY                ,"cant check dh key"},
{X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
{X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
{X509_R_INVALID_DIRECTORY                ,"invalid directory"},
{X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
{X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
{X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
{X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
{X509_R_SHOULD_RETRY                     ,"should retry"},
{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
{X509_R_UNKNOWN_KEY_TYPE                 ,"unknown key type"},
{X509_R_UNKNOWN_NID                      ,"unknown nid"},
{X509_R_UNKNOWN_STRING_TYPE              ,"unknown string type"},
{X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},