diff options
Diffstat (limited to 'src/lib/libcrypto/x509/x509_cmp.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_cmp.c | 59 |
1 files changed, 22 insertions, 37 deletions
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index 030d0966fc..0d6bc653b2 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -322,16 +322,10 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 322 | { | 322 | { |
| 323 | unsigned long ret=0; | 323 | unsigned long ret=0; |
| 324 | unsigned char md[16]; | 324 | unsigned char md[16]; |
| 325 | EVP_MD_CTX md_ctx; | ||
| 326 | 325 | ||
| 327 | /* Make sure X509_NAME structure contains valid cached encoding */ | 326 | /* Make sure X509_NAME structure contains valid cached encoding */ |
| 328 | i2d_X509_NAME(x,NULL); | 327 | i2d_X509_NAME(x,NULL); |
| 329 | EVP_MD_CTX_init(&md_ctx); | 328 | EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); |
| 330 | EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 331 | EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); | ||
| 332 | EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); | ||
| 333 | EVP_DigestFinal_ex(&md_ctx,md,NULL); | ||
| 334 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 335 | 329 | ||
| 336 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 330 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 337 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 331 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| @@ -396,45 +390,36 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) | |||
| 396 | int ok=0; | 390 | int ok=0; |
| 397 | 391 | ||
| 398 | xk=X509_get_pubkey(x); | 392 | xk=X509_get_pubkey(x); |
| 399 | if (xk->type != k->type) | 393 | switch (EVP_PKEY_cmp(xk, k)) |
| 400 | { | ||
| 401 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 402 | goto err; | ||
| 403 | } | ||
| 404 | switch (k->type) | ||
| 405 | { | 394 | { |
| 406 | #ifndef OPENSSL_NO_RSA | 395 | case 1: |
| 407 | case EVP_PKEY_RSA: | 396 | ok=1; |
| 408 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 | ||
| 409 | || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) | ||
| 410 | { | ||
| 411 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 412 | goto err; | ||
| 413 | } | ||
| 414 | break; | 397 | break; |
| 415 | #endif | 398 | case 0: |
| 416 | #ifndef OPENSSL_NO_DSA | 399 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); |
| 417 | case EVP_PKEY_DSA: | 400 | break; |
| 418 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) | 401 | case -1: |
| 419 | { | 402 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); |
| 420 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 421 | goto err; | ||
| 422 | } | ||
| 423 | break; | 403 | break; |
| 404 | case -2: | ||
| 405 | #ifndef OPENSSL_NO_EC | ||
| 406 | if (k->type == EVP_PKEY_EC) | ||
| 407 | { | ||
| 408 | X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); | ||
| 409 | break; | ||
| 410 | } | ||
| 424 | #endif | 411 | #endif |
| 425 | #ifndef OPENSSL_NO_DH | 412 | #ifndef OPENSSL_NO_DH |
| 426 | case EVP_PKEY_DH: | 413 | if (k->type == EVP_PKEY_DH) |
| 427 | /* No idea */ | 414 | { |
| 428 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | 415 | /* No idea */ |
| 429 | goto err; | 416 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); |
| 417 | break; | ||
| 418 | } | ||
| 430 | #endif | 419 | #endif |
| 431 | default: | ||
| 432 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | 420 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); |
| 433 | goto err; | ||
| 434 | } | 421 | } |
| 435 | 422 | ||
| 436 | ok=1; | ||
| 437 | err: | ||
| 438 | EVP_PKEY_free(xk); | 423 | EVP_PKEY_free(xk); |
| 439 | return(ok); | 424 | return(ok); |
| 440 | } | 425 | } |