diff options
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cmp.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_cmp.c | 59 |
1 files changed, 37 insertions, 22 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 0d6bc653b2..030d0966fc 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -322,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 322 | { | 322 | { |
| 323 | unsigned long ret=0; | 323 | unsigned long ret=0; |
| 324 | unsigned char md[16]; | 324 | unsigned char md[16]; |
| 325 | EVP_MD_CTX md_ctx; | ||
| 325 | 326 | ||
| 326 | /* Make sure X509_NAME structure contains valid cached encoding */ | 327 | /* Make sure X509_NAME structure contains valid cached encoding */ |
| 327 | i2d_X509_NAME(x,NULL); | 328 | i2d_X509_NAME(x,NULL); |
| 328 | EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); | 329 | EVP_MD_CTX_init(&md_ctx); |
| 330 | EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 331 | EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); | ||
| 332 | EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); | ||
| 333 | EVP_DigestFinal_ex(&md_ctx,md,NULL); | ||
| 334 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 329 | 335 | ||
| 330 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 336 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 331 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 337 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| @@ -390,36 +396,45 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 390 | int ok=0; | 396 | int ok=0; |
| 391 | 397 | ||
| 392 | xk=X509_get_pubkey(x); | 398 | xk=X509_get_pubkey(x); |
| 393 | switch (EVP_PKEY_cmp(xk, k)) | 399 | if (xk->type != k->type) |
| 400 | { | ||
| 401 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 402 | goto err; | ||
| 403 | } | ||
| 404 | switch (k->type) | ||
| 394 | { | 405 | { |
| 395 | case 1: | 406 | #ifndef OPENSSL_NO_RSA |
| 396 | ok=1; | 407 | case EVP_PKEY_RSA: |
| 408 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 | ||
| 409 | || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) | ||
| 410 | { | ||
| 411 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 412 | goto err; | ||
| 413 | } | ||
| 397 | break; | 414 | break; |
| 398 | case 0: | 415 | #endif |
| 399 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | 416 | #ifndef OPENSSL_NO_DSA |
| 400 | break; | 417 | case EVP_PKEY_DSA: |
| 401 | case -1: | 418 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) |
| 402 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | 419 | { |
| 420 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 421 | goto err; | ||
| 422 | } | ||
| 403 | break; | 423 | break; |
| 404 | case -2: | ||
| 405 | #ifndef OPENSSL_NO_EC | ||
| 406 | if (k->type == EVP_PKEY_EC) | ||
| 407 | { | ||
| 408 | X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); | ||
| 409 | break; | ||
| 410 | } | ||
| 411 | #endif | 424 | #endif |
| 412 | #ifndef OPENSSL_NO_DH | 425 | #ifndef OPENSSL_NO_DH |
| 413 | if (k->type == EVP_PKEY_DH) | 426 | case EVP_PKEY_DH: |
| 414 | { | 427 | /* No idea */ |
| 415 | /* No idea */ | 428 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); |
| 416 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | 429 | goto err; |
| 417 | break; | ||
| 418 | } | ||
| 419 | #endif | 430 | #endif |
| 431 | default: | ||
| 420 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | 432 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); |
| 433 | goto err; | ||
| 421 | } | 434 | } |
| 422 | 435 | ||
| 436 | ok=1; | ||
| 437 | err: | ||
| 423 | EVP_PKEY_free(xk); | 438 | EVP_PKEY_free(xk); |
| 424 | return(ok); | 439 | return(ok); |
| 425 | } | 440 | } |