Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and

handle unsupported key types.

Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and
handle unsupported key types.
b4634358 · Dr. Stephen Henson · 816c2b5a · b4634358 · b4634358
隐藏空白更改
内联并排

Showing with 15 addition and 23 deletion

crypto/evp/p_lib.c crypto/evp/p_lib.c +1 -1

crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c +14 -22

未找到文件。
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -149,7 +149,7 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 		return -1;
 	if (a->ameth && a->ameth->param_cmp)
 		return a->ameth->param_cmp(a, b);
-	return -1;
+	return -2;
 	}
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)

--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -386,14 +386,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 	{
-	EVP_PKEY *xk=NULL;
+	EVP_PKEY *xk;
-	int ok=0;
+	int ret;
 	xk=X509_get_pubkey(x);
-	switch (EVP_PKEY_cmp(xk, k))
+	if (xk)
+		ret = EVP_PKEY_cmp(xk, k);
+	else
+		ret = -2;
+	switch (ret)
 		{
 	case 1:
-		ok=1;
 		break;
 	case 0:
 		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
@@ -402,24 +407,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
 		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
 		break;
 	case -2:
-#ifndef OPENSSL_NO_EC
-		if (k->type == EVP_PKEY_EC)
-			{
-			X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-			break;
-			}
-#endif
-#ifndef OPENSSL_NO_DH
-		if (k->type == EVP_PKEY_DH)
-			{
-			/* No idea */
-			X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-			break;
-			}
-#endif
 	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
 		}
+	if (xk)
-	EVP_PKEY_free(xk);
+		EVP_PKEY_free(xk);
-	return(ok);
+	if (ret > 0)
+		return 1;
+	return 0;
 	}