From d8a9aaad16fd4d6eaa06b0c4b5a4270151f9a341 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Fri, 3 Jan 2025 16:59:09 -0700
Subject: [PATCH] add key mismatch error

---
 src/ssl.c                       | 5 +++++
 wolfcrypt/src/error.c           | 3 +++
 wolfssl/openssl/ssl.h           | 2 ++
 wolfssl/openssl/x509.h          | 1 +
 wolfssl/wolfcrypt/error-crypt.h | 3 ++-
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index 511ed4d30..65d41a466 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7101,6 +7101,11 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
 #endif
 #endif
 
+    /* placing error into error queue for Python port */
+    if (res != WOLFSSL_SUCCESS) {
+        WOLFSSL_ERROR(WC_KEY_MISMATCH_E);
+    }
+
     return res;
 }
 #endif /* !NO_CHECK_PRIVATE_KEY */
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 13cc644dd..1d584942b 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -645,6 +645,9 @@ const char* wc_GetErrorString(int error)
     case PBKDF2_KAT_FIPS_E:
         return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure";
 
+    case WC_KEY_MISMATCH_E:
+        return "key values mismatch";
+
     case DEADLOCK_AVERTED_E:
         return "Deadlock averted -- retry the call";
 
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index a35c61b82..8531b1790 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1830,6 +1830,8 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX;
 #define SSL_CONF_cmd                    wolfSSL_CONF_cmd
 #define SSL_CONF_cmd_value_type         wolfSSL_CONF_cmd_value_type
 
+#define SSL_OP_LEGACY_SERVER_CONNECT    0
+
 #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
 
 
diff --git a/wolfssl/openssl/x509.h b/wolfssl/openssl/x509.h
index 768d0893d..e1eb78ecb 100644
--- a/wolfssl/openssl/x509.h
+++ b/wolfssl/openssl/x509.h
@@ -214,6 +214,7 @@
 #define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3        93
 #define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS              94
 #define X509_R_CERT_ALREADY_IN_HASH_TABLE              101
+#define X509_R_KEY_VALUES_MISMATCH                     WC_KEY_MISMATCH_E
 
 #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical
 #define X509_EXTENSION_set_object   wolfSSL_X509_EXTENSION_set_object
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index ba06b84fc..19d5eef82 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -135,7 +135,8 @@ enum wolfCrypt_ErrorCodes {
     ED25519_KAT_FIPS_E = -163,  /* Ed25519 Known answer test failure */
     ED448_KAT_FIPS_E   = -164,  /* Ed448 Known answer test failure */
     PBKDF2_KAT_FIPS_E  = -165,  /* PBKDF2 Known answer test failure */
-    /* -166..-169 unused. */
+    WC_KEY_MISMATCH_E  = -166,  /* Error for private/public key mismatch */
+    /* -167..-169 unused. */
 
     ECC_BAD_ARG_E      = -170,  /* ECC input argument of wrong type */
     ASN_ECC_KEY_E      = -171,  /* ASN ECC bad input */