From b46343583c1172c6e0fcad3227cf50622aae7998 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Fri, 28 Apr 2006 12:27:37 +0000
Subject: Update EVP_PKEY_cmp() and X509_check_private() to return sensible values and handle unsupported key types.
---
 crypto/x509/x509_cmp.c | 36 ++++++++++++++----------------------
 1 file changed, 14 insertions(+), 22 deletions(-)
(limited to 'crypto/x509/x509_cmp.c')
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 0d6bc653b2..d04225a932 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -386,14 +386,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
- EVP_PKEY *xk=NULL;
- int ok=0;
+ EVP_PKEY *xk;
+ int ret;
 xk=X509_get_pubkey(x);
- switch (EVP_PKEY_cmp(xk, k))
+
+ if (xk)
+ ret = EVP_PKEY_cmp(xk, k);
+ else
+ ret = -2;
+
+ switch (ret)
 {
 case 1:
- ok=1;
 break;
 case 0:
 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
@@ -402,24 +407,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
 break;
 case -2:
-#ifndef OPENSSL_NO_EC
- if (k->type == EVP_PKEY_EC)
- {
- X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (k->type == EVP_PKEY_DH)
- {
- /* No idea */
- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
 X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
 }
-
- EVP_PKEY_free(xk);
- return(ok);
+ if (xk)
+ EVP_PKEY_free(xk);
+ if (ret > 0)
+ return 1;
+ return 0;
 }
--
cgit v1.2.3
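Review bot: In the added `if (xk) ... else ret = -2;`, a certificate whose public key could not be extracted is folded into the same -2 result that the switch reports as X509_R_UNKNOWN_KEY_TYPE. A caller reading the error queue therefore cannot tell a malformed certificate key from an unsupported algorithm. Handling `xk == NULL` before the comparison, with its own failure return and its own reason code if X509_get_pubkey() does not already queue one, would keep the two cases distinct. `k` is still passed to EVP_PKEY_cmp() without a NULL check; whether that is safe depends on EVP_PKEY_cmp(), which is not shown here. The function body continues past this hunk.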
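Review bot: The new tail `if (ret > 0) return 1;` reports a match for any positive value, while the switch above it treats only `1` as the match case, so the success condition is wider than the value the code otherwise recognises. For a check that decides whether a private key belongs to a certificate, failing closed is safer: `return (ret == 1);`. The switch also has no `default:` arm as far as the two hunks show (the lines between them are not visible), so an unexpected negative result would return 0 without queuing any error. A `default:` arm that reuses `X509_R_UNKNOWN_KEY_TYPE` would make that failure visible.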