author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-01 17:43:00 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-08-24 11:27:12 +0200 |
commit | aaabe58072924c24c862a0660cdfe78de63099c2 (patch) | |
tree | 334dc41fb2f054e16db5c0d2ca9bcbacbfa19663 /crypto | |
parent | ba9e3721febb073397248154a846f2088efd6409 (diff) |
X509: clean up doc and implementation of X509{,_REQ}_check_private_key()
Also constify X509_REQ_get0_pubkey() and X509_REQ_check_private_key().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18930)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x509_cmp.c | 28 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 25 |
2 files changed, 21 insertions, 32 deletions
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 9f5b9403f2..18f9fba764 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -389,30 +389,38 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
 return X509_PUBKEY_get(x->cert_info.key);
 }
-int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
+int X509_check_private_key(const X509 *cert, const EVP_PKEY *pkey)
 {
- const EVP_PKEY *xk;
- int ret;
+ const EVP_PKEY *xk = X509_get0_pubkey(cert);
- xk = X509_get0_pubkey(x);
 if (xk == NULL) {
 ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
 return 0;
 }
+ return ossl_x509_check_private_key(xk, pkey);
+}
- switch (ret = EVP_PKEY_eq(xk, k)) {
+int ossl_x509_check_private_key(const EVP_PKEY *x, const EVP_PKEY *pkey)
+{
+ if (x == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ switch (EVP_PKEY_eq(x, pkey)) {
+ case 1:
+ return 1;
 case 0:
 ERR_raise(ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH);
- break;
+ return 0;
 case -1:
 ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH);
- break;
+ return 0;
 case -2:
 ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
- break;
+ /* fall thru */
+ default:
+ return 0;
 }
-
- return ret > 0;
 }
 /*
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 858c6c566c..af12714472 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -67,7 +67,7 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 return X509_PUBKEY_get(req->req_info.pubkey);
 }
-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req)
+EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req)
 {
 if (req == NULL)
 return NULL;
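Review bot: In the new `ossl_x509_check_private_key()` in crypto/x509/x509_cmp.c only `x` is NULL-checked; `pkey` goes straight into `EVP_PKEY_eq()`, so a missing key is reported as whatever that call returns for a NULL operand (presumably 0, surfacing as `X509_R_KEY_VALUES_MISMATCH`) instead of `ERR_R_PASSED_NULL_PARAMETER`. Widening the guard to `if (x == NULL || pkey == NULL) {` would keep the error queue accurate for both arguments. The helper also has no comment, and as far as the visible code goes its verdict rests entirely on `EVP_PKEY_eq()`; a line such as `/* Compares public key material only; a result of 1 does not show that pkey holds a private key */` above it would keep callers from reading success as proof of possession. Note too that the `default:` arm returns 0 without raising anything, so an unexpected return value from `EVP_PKEY_eq()` fails with an empty error queue.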
@@ -79,28 +79,9 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req)
 return req->req_info.pubkey;
 }
-int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+int X509_REQ_check_private_key(const X509_REQ *req, EVP_PKEY *pkey)
 {
- EVP_PKEY *xk = NULL;
- int ok = 0;
-
- xk = X509_REQ_get_pubkey(x);
- switch (EVP_PKEY_eq(xk, k)) {
- case 1:
- ok = 1;
- break;
- case 0:
- ERR_raise(ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH);
- break;
- case -1:
- ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH);
- break;
- case -2:
- ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
- }
-
- EVP_PKEY_free(xk);
- return ok;
+ return ossl_x509_check_private_key(X509_REQ_get0_pubkey(req), pkey);
 }
 /* |
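Review bot: When `X509_REQ_get0_pubkey(req)` yields NULL (for a NULL `req`, or presumably for a request whose public key cannot be decoded), the new one-line body passes that NULL to `ossl_x509_check_private_key()`, which reports `ERR_R_PASSED_NULL_PARAMETER`. `X509_check_private_key()` in crypto/x509/x509_cmp.c tests its key first and raises `X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY`, so the two entry points now describe the same failure differently, and a malformed request reads like a caller bug in the error queue. Fetching the key into a local and raising a key-specific error before the call would align the two. Separately, `pkey` stays `EVP_PKEY *` here while the helper and the certificate variant take `const EVP_PKEY *`.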