import of OpenSSL 0.9.8h

author: djm <> 2008-09-06 12:15:56 +0000
committer: djm <> 2008-09-06 12:15:56 +0000
commit: 5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (patch)
tree: aba68249883aa9d2361d92eef69a81d0c4961732 /src/lib/libcrypto/x509/x509_req.c
parent: f6198d4d0ab97685dc56be2d48715ed39fcc74b9 (diff)
download: openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.tar.gz
openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.tar.bz2
openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.zip
1 files changed, 47 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 59fc6ca548..3872e1fb64 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
        return(X509_PUBKEY_get(req->req_info->pubkey));
        }
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+        {
+        EVP_PKEY *xk=NULL;
+        int ok=0;
+        xk=X509_REQ_get_pubkey(x);
+        switch (EVP_PKEY_cmp(xk, k))
+                {
+        case 1:
+                ok=1;
+                break;
+        case 0:
+                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                break;
+        case -1:
+                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+                break;
+        case -2:
+#ifndef OPENSSL_NO_EC
+                if (k->type == EVP_PKEY_EC)
+                        {
+                        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+                        break;
+                        }
+#endif
+#ifndef OPENSSL_NO_DH
+                if (k->type == EVP_PKEY_DH)
+                        {
+                        /* No idea */
+                        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+                        break;
+                        }
+#endif
+                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+                }
+        EVP_PKEY_free(xk);
+        return(ok);
+        }
 /* It seems several organisations had the same idea of including a list of
 * extensions in a certificate request. There are at least two OIDs that are
 * used and there may be more: so the list is configurable.
@@ -147,7 +187,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
        X509_ATTRIBUTE *attr;
        ASN1_TYPE *ext = NULL;
        int idx, *pnid;
-        unsigned char *p;
+        const unsigned char *p;
        if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
                return(NULL);
@@ -169,7 +209,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
                        ext->value.sequence->length,
                        d2i_X509_EXTENSION, X509_EXTENSION_free,
                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-        }
+}
 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
@@ -202,6 +242,11 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        at = NULL;
        attr->single = 0;
        attr->object = OBJ_nid2obj(nid);
+        if (!req->req_info->attributes)
+                {
+                if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
+                        goto err;
+                }
        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
        return 1;
        err:
author	djm <>	2008-09-06 12:15:56 +0000
committer	djm <>	2008-09-06 12:15:56 +0000
commit	5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (patch)
tree	aba68249883aa9d2361d92eef69a81d0c4961732 /src/lib/libcrypto/x509/x509_req.c
parent	f6198d4d0ab97685dc56be2d48715ed39fcc74b9 (diff)
download	openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.tar.gz openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.tar.bz2 openbsd-5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80.zip

diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 59fc6ca548..3872e1fb64 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c
@@ -113,6 +113,46 @@ EVP_PKEY X509_REQ_get_pubkey(X509_REQ req)
113	return(X509_PUBKEY_get(req->req_info->pubkey));	113	return(X509_PUBKEY_get(req->req_info->pubkey));
114	}	114	}
115		115
		116	int X509_REQ_check_private_key(X509_REQ x, EVP_PKEY k)
		117	{
		118	EVP_PKEY *xk=NULL;
		119	int ok=0;
		120
		121	xk=X509_REQ_get_pubkey(x);
		122	switch (EVP_PKEY_cmp(xk, k))
		123	{
		124	case 1:
		125	ok=1;
		126	break;
		127	case 0:
		128	X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
		129	break;
		130	case -1:
		131	X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
		132	break;
		133	case -2:
		134	#ifndef OPENSSL_NO_EC
		135	if (k->type == EVP_PKEY_EC)
		136	{
		137	X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
		138	break;
		139	}
		140	#endif
		141	#ifndef OPENSSL_NO_DH
		142	if (k->type == EVP_PKEY_DH)
		143	{
		144	/* No idea */
		145	X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
		146	break;
		147	}
		148	#endif
		149	X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
		150	}
		151
		152	EVP_PKEY_free(xk);
		153	return(ok);
		154	}
		155
116	/* It seems several organisations had the same idea of including a list of	156	/* It seems several organisations had the same idea of including a list of
117	* extensions in a certificate request. There are at least two OIDs that are	157	* extensions in a certificate request. There are at least two OIDs that are
118	* used and there may be more: so the list is configurable.	158	* used and there may be more: so the list is configurable.
@@ -147,7 +187,7 @@ STACK_OF(X509_EXTENSION) X509_REQ_get_extensions(X509_REQ req)
147	X509_ATTRIBUTE *attr;	187	X509_ATTRIBUTE *attr;
148	ASN1_TYPE *ext = NULL;	188	ASN1_TYPE *ext = NULL;
149	int idx, *pnid;	189	int idx, *pnid;
150	unsigned char *p;	190	const unsigned char *p;
151		191
152	if ((req == NULL) \|\| (req->req_info == NULL) \|\| !ext_nids)	192	if ((req == NULL) \|\| (req->req_info == NULL) \|\| !ext_nids)
153	return(NULL);	193	return(NULL);
@@ -169,7 +209,7 @@ STACK_OF(X509_EXTENSION) X509_REQ_get_extensions(X509_REQ req)
169	ext->value.sequence->length,	209	ext->value.sequence->length,
170	d2i_X509_EXTENSION, X509_EXTENSION_free,	210	d2i_X509_EXTENSION, X509_EXTENSION_free,
171	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);	211	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
172	}	212	}
173		213
174	/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs	214	/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
175	* in case we want to create a non standard one.	215	* in case we want to create a non standard one.
@@ -202,6 +242,11 @@ int X509_REQ_add_extensions_nid(X509_REQ req, STACK_OF(X509_EXTENSION) exts,
202	at = NULL;	242	at = NULL;
203	attr->single = 0;	243	attr->single = 0;
204	attr->object = OBJ_nid2obj(nid);	244	attr->object = OBJ_nid2obj(nid);
		245	if (!req->req_info->attributes)
		246	{
		247	if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
		248	goto err;
		249	}
205	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;	250	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
206	return 1;	251	return 1;
207	err:	252	err: