The branch master has been updated
via 10af976962b2383bb3044120a764037361b8bff7 (commit)
from a73a5d0a14842f51d1a6bad15f3e997b0468b99d (commit)
- Log -----------------------------------------------------------------
commit 10af976962b2383bb3044120a764037361b8bff7
Author: Pauli <[email protected]>
Date: Tue Jun 29 11:43:00 2021 +1000
x509: improve error reporting
Distinguish between not being able to extract a public key versus not
knowing
the key's type.
Alternative to #15921
Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/15944)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_cmp.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 1c1a5e6a27..8b4e46a589 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -391,15 +391,12 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY
*k)
int ret;
xk = X509_get0_pubkey(x);
+ if (xk == NULL) {
+ ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+ return 0;
+ }
- if (xk)
- ret = EVP_PKEY_eq(xk, k);
- else
- ret = -2;
-
- switch (ret) {
- case 1:
- break;
+ switch (ret = EVP_PKEY_eq(xk, k)) {
case 0:
ERR_raise(ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH);
break;
@@ -408,10 +405,10 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY
*k)
break;
case -2:
ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE);
+ break;
}
- if (ret > 0)
- return 1;
- return 0;
+
+ return ret > 0;
}
/*
