From 38ce604e3cc97706b876b0525ddff0121115456d Mon Sep 17 00:00:00 2001
From: djm <>
Date: Sat, 6 Sep 2008 12:17:54 +0000
Subject: resolve conflicts

---
 src/lib/libcrypto/x509/x509_req.c | 49 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/x509/x509_req.c')

diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 59fc6ca548..3872e1fb64 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -113,6 +113,46 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 	return(X509_PUBKEY_get(req->req_info->pubkey));
 	}
 
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+	{
+	EVP_PKEY *xk=NULL;
+	int ok=0;
+
+	xk=X509_REQ_get_pubkey(x);
+	switch (EVP_PKEY_cmp(xk, k))
+		{
+	case 1:
+		ok=1;
+		break;
+	case 0:
+		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		break;
+	case -1:
+		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+		break;
+	case -2:
+#ifndef OPENSSL_NO_EC
+		if (k->type == EVP_PKEY_EC)
+			{
+			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+			break;
+			}
+#endif
+#ifndef OPENSSL_NO_DH
+		if (k->type == EVP_PKEY_DH)
+			{
+			/* No idea */
+			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+			break;
+			}
+#endif
+	        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+		}
+
+	EVP_PKEY_free(xk);
+	return(ok);
+	}
+
 /* It seems several organisations had the same idea of including a list of
  * extensions in a certificate request. There are at least two OIDs that are
  * used and there may be more: so the list is configurable.
@@ -147,7 +187,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *ext = NULL;
 	int idx, *pnid;
-	unsigned char *p;
+	const unsigned char *p;
 
 	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
 		return(NULL);
@@ -169,7 +209,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 			ext->value.sequence->length,
 			d2i_X509_EXTENSION, X509_EXTENSION_free,
 			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	}
+}
 
 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
  * in case we want to create a non standard one.
@@ -202,6 +242,11 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
 	at = NULL;
 	attr->single = 0;
 	attr->object = OBJ_nid2obj(nid);
+	if (!req->req_info->attributes)
+		{
+		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
+			goto err;
+		}
 	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
 	return 1;
 	err:
-- 
cgit v1.2.3-55-g6feb