[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Feb 8 10:08:03 UTC 2019
The branch master has been updated
via 1980ce45d6bdd2b57df7003d6b56b5df560b9064 (commit)
via 2aa2beb06cc25c1f8accdc3d87b946205becfd86 (commit)
from b1522fa5ef676b7af0128eab3eee608af3416182 (commit)
- Log -----------------------------------------------------------------
commit 1980ce45d6bdd2b57df7003d6b56b5df560b9064
Author: Todd Short <tshort at akamai.com>
Date: Wed Feb 6 09:28:22 2019 -0500
Update d2i_PrivateKey documentation
Reviewed-by: Paul Yang <yang.yang at baishancloud.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)
commit 2aa2beb06cc25c1f8accdc3d87b946205becfd86
Author: Todd Short <tshort at akamai.com>
Date: Mon Feb 4 16:04:11 2019 -0500
Fix d2i_PublicKey() for EC keys
o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP.
o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the
o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with
an EVP_PKEY with an EC_KEY containing an EC_GROUP.
However, the call to EVP_PKEY_set_type() frees any existing key structure
inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that
o2i_ECPublicKey() needs.
This means you can't d2i_PublicKey() for an EC key...
The fix is to check to see if the type is already set appropriately, and
if so, not call EVP_PKEY_set_type().
Reviewed-by: Paul Yang <yang.yang at baishancloud.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/d2i_pu.c | 2 +-
doc/man3/d2i_PrivateKey.pod | 18 +++++++++++-------
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 73093a6..8876878 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -32,7 +32,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
} else
ret = *a;
- if (!EVP_PKEY_set_type(ret, type)) {
+ if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
goto err;
}
diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod
index 87ac8a8..eab98b3 100644
--- a/doc/man3/d2i_PrivateKey.pod
+++ b/doc/man3/d2i_PrivateKey.pod
@@ -50,15 +50,19 @@ If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
(i.e. an existing structure is being reused) and the key format is PKCS#8
then B<*a> will be freed and replaced on a successful call.
+To decode a key with type B<EVP_PKEY_EC>, d2i_PublicKey() requires B<*a> to be
+a non-NULL EVP_PKEY structure assigned an EC_KEY structure referencing the proper
+EC_GROUP.
+
=head1 RETURN VALUES
-d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
-or B<NULL> if an error occurs. The error code can be obtained by calling
-L<ERR_get_error(3)>.
+The d2i_PrivateKey(), d2i_AutoPrivateKey(), d2i_PrivateKey_bio(), d2i_PrivateKey_fp(),
+and d2i_PublicKey() functions return a valid B<EVP_KEY> structure or B<NULL> if an
+error occurs. The error code can be obtained by calling L<ERR_get_error(3)>.
-i2d_PrivateKey() returns the number of bytes successfully encoded or a
-negative value if an error occurs. The error code can be obtained by calling
-L<ERR_get_error(3)>.
+i2d_PrivateKey() and i2d_PublicKey() return the number of bytes successfully
+encoded or a negative value if an error occurs. The error code can be obtained
+by calling L<ERR_get_error(3)>.
=head1 SEE ALSO
@@ -67,7 +71,7 @@ L<d2i_PKCS8PrivateKey_bio(3)>
=head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
More information about the openssl-commits
mailing list