Generate errors when public/private key check is done.
parent
c74f1eb9bd
commit
4004dbb7f6
9 changed files with 36 additions and 8 deletions
3
CHANGES
3
CHANGES
|
@ -5,6 +5,9 @@
|
|||
|
||||
Changes between 0.9.1c and 0.9.2
|
||||
|
||||
*) Generate errors when private/public key check is done.
|
||||
[Ben Laurie]
|
||||
|
||||
*) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
|
||||
for some CRL extensions and new objects added.
|
||||
[Steve Henson]
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
#define X509_F_X509V3_ADD_EXTENSION 105
|
||||
#define X509_F_X509V3_PACK_STRING 106
|
||||
#define X509_F_X509V3_UNPACK_STRING 107
|
||||
#define X509_F_X509_CHECK_PRIVATE_KEY 128
|
||||
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
|
||||
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
|
||||
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
|
||||
|
@ -32,15 +33,19 @@
|
|||
|
||||
/* Reason codes. */
|
||||
#define X509_R_BAD_X509_FILETYPE 100
|
||||
#define X509_R_CANT_CHECK_DH_KEY 114
|
||||
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
|
||||
#define X509_R_ERR_ASN1_LIB 102
|
||||
#define X509_R_INVALID_DIRECTORY 113
|
||||
#define X509_R_KEY_TYPE_MISMATCH 115
|
||||
#define X509_R_KEY_VALUES_MISMATCH 116
|
||||
#define X509_R_LOADING_CERT_DIR 103
|
||||
#define X509_R_LOADING_DEFAULTS 104
|
||||
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
|
||||
#define X509_R_SHOULD_RETRY 106
|
||||
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
|
||||
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
|
||||
#define X509_R_UNKNOWN_KEY_TYPE 117
|
||||
#define X509_R_UNKNOWN_NID 109
|
||||
#define X509_R_UNKNOWN_STRING_TYPE 110
|
||||
#define X509_R_UNSUPPORTED_ALGORITHM 111
|
||||
|
|
|
@ -1152,6 +1152,7 @@ X509 *X509_find_by_subject();
|
|||
#define X509_F_X509V3_ADD_EXTENSION 105
|
||||
#define X509_F_X509V3_PACK_STRING 106
|
||||
#define X509_F_X509V3_UNPACK_STRING 107
|
||||
#define X509_F_X509_CHECK_PRIVATE_KEY 128
|
||||
#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
|
||||
#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
|
||||
#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
|
||||
|
@ -1175,15 +1176,19 @@ X509 *X509_find_by_subject();
|
|||
|
||||
/* Reason codes. */
|
||||
#define X509_R_BAD_X509_FILETYPE 100
|
||||
#define X509_R_CANT_CHECK_DH_KEY 114
|
||||
#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
|
||||
#define X509_R_ERR_ASN1_LIB 102
|
||||
#define X509_R_INVALID_DIRECTORY 113
|
||||
#define X509_R_KEY_TYPE_MISMATCH 115
|
||||
#define X509_R_KEY_VALUES_MISMATCH 116
|
||||
#define X509_R_LOADING_CERT_DIR 103
|
||||
#define X509_R_LOADING_DEFAULTS 104
|
||||
#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
|
||||
#define X509_R_SHOULD_RETRY 106
|
||||
#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
|
||||
#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
|
||||
#define X509_R_UNKNOWN_KEY_TYPE 117
|
||||
#define X509_R_UNKNOWN_NID 109
|
||||
#define X509_R_UNKNOWN_STRING_TYPE 110
|
||||
#define X509_R_UNSUPPORTED_ALGORITHM 111
|
||||
|
|
|
@ -271,27 +271,40 @@ EVP_PKEY *k;
|
|||
int ok=0;
|
||||
|
||||
xk=X509_get_pubkey(x);
|
||||
if (xk->type != k->type) goto err;
|
||||
if (xk->type != k->type)
|
||||
{
|
||||
SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
|
||||
goto err;
|
||||
}
|
||||
switch (k->type)
|
||||
{
|
||||
#ifndef NO_RSA
|
||||
case EVP_PKEY_RSA:
|
||||
if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
|
||||
if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
|
||||
if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
|
||||
|| BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
|
||||
{
|
||||
SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
case EVP_PKEY_DSA:
|
||||
if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
|
||||
goto err;
|
||||
{
|
||||
SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_DH
|
||||
case EVP_PKEY_DH:
|
||||
/* No idea */
|
||||
SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
|
||||
goto err;
|
||||
#endif
|
||||
default:
|
||||
SSLerr(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
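Review bot: All five new error calls in this hunk use `SSLerr(...)` with X509 function and reason codes, so the errors are filed under the SSL library and will be decoded against the SSL string tables, not the X509 strings this commit adds. Each should use the X509 macro instead, e.g. `X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);`, and likewise for `X509_R_KEY_VALUES_MISMATCH` (RSA and DSA cases), `X509_R_CANT_CHECK_DH_KEY` and `X509_R_UNKNOWN_KEY_TYPE`. Separately, the result of `xk=X509_get_pubkey(x);` is dereferenced on the following line without a NULL check; if the call can fail, a guard such as `if (xk == NULL) { X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); goto err; }` would report the failure through the reason code that already exists for it. The function begins and ends outside the hunk, so the `err:` path and any cleanup of `xk` are not visible here.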
|
|
|
@ -71,6 +71,7 @@ static ERR_STRING_DATA X509_str_functs[]=
|
|||
{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"},
|
||||
{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"},
|
||||
{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"},
|
||||
{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"},
|
||||
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"},
|
||||
{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"},
|
||||
{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"},
|
||||
|
@ -97,15 +98,19 @@ static ERR_STRING_DATA X509_str_functs[]=
|
|||
static ERR_STRING_DATA X509_str_reasons[]=
|
||||
{
|
||||
{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"},
|
||||
{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"},
|
||||
{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"},
|
||||
{X509_R_ERR_ASN1_LIB ,"err asn1 lib"},
|
||||
{X509_R_INVALID_DIRECTORY ,"invalid directory"},
|
||||
{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"},
|
||||
{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"},
|
||||
{X509_R_LOADING_CERT_DIR ,"loading cert dir"},
|
||||
{X509_R_LOADING_DEFAULTS ,"loading defaults"},
|
||||
{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"},
|
||||
{X509_R_SHOULD_RETRY ,"should retry"},
|
||||
{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
|
||||
{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"},
|
||||
{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"},
|
||||
{X509_R_UNKNOWN_NID ,"unknown nid"},
|
||||
{X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"},
|
||||
{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"},
|
||||
|
|
|
@ -64,7 +64,7 @@
|
|||
static ERR_STRING_DATA X509V3_str_functs[]=
|
||||
{
|
||||
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
|
||||
{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "I2S_ASN1_ENUMERATED"},
|
||||
{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
|
||||
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
|
||||
{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
|
||||
{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
|
||||
|
|
|
@ -68,7 +68,6 @@
|
|||
#define SSL_F_SSL_CLEAR 164
|
||||
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
|
||||
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
|
||||
#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
|
||||
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
|
||||
#define SSL_F_SSL_CTX_NEW 169
|
||||
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
|
||||
|
|
|
@ -1333,7 +1333,6 @@ void SSL_CTX_set_tmp_dh_callback();
|
|||
#define SSL_F_SSL_CLEAR 164
|
||||
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
|
||||
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
|
||||
#define SSL_F_SSL_CTX_ADD_COMPRESSION 167
|
||||
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
|
||||
#define SSL_F_SSL_CTX_NEW 169
|
||||
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
|
||||
|
|
|
@ -130,7 +130,6 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
|||
{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"},
|
||||
{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"},
|
||||
{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"},
|
||||
{ERR_PACK(0,SSL_F_SSL_CTX_ADD_COMPRESSION,0), "SSL_CTX_ADD_COMPRESSION"},
|
||||
{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"},
|
||||
{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"},
|
||||
{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"},
|
||||
|
|