From 176eb406691f14d560cf7619365830a4d033ee28 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Mon, 11 May 2020 09:14:11 +0200
Subject: [PATCH 062/217] Fix d2i_PrivateKey() to work as documented

d2i_PrivateKey() is documented to return keys of the type given as
first argument |type|, unconditionally. Most specifically, the manual
says this:

> An error occurs if the decoded key does not match type.

However, when faced with a PKCS#8 wrapped key, |type| was ignored, which
may lead to unexpected results.

(cherry picked from commit b2952366dd0248bf35c83e1736cd203033a22378)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11888)
---
crypto/asn1/d2i_pr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 6ec0107..ac1a8c4 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
goto err;
EVP_PKEY_free(ret);
ret = tmp;
+ if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+ goto err;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
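Review bot: The added `goto err` after the `EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)` check records no error of its own, while the `else` branch directly below raises `ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB)` before jumping to the same label. A caller that gets NULL for a PKCS#8 wrapped key of the wrong type then cannot tell a type mismatch from a decoding failure, so consider raising an ASN1err with a reason that names the mismatch before the jump. The check also runs after `ret = tmp`, so it is worth confirming that the `err` path (not visible in this hunk) frees `ret` in that state. The diffstat shows only crypto/asn1/d2i_pr.c changed; a regression test that passes a PKCS#8 wrapped key together with a non-matching |type| would pin down the documented behaviour.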
--
1.8.3.1