[openssl] master update

Richard Levitte levitte at openssl.org
Tue May 12 09:24:45 UTC 2020

The branch master has been updated
       via  b2952366dd0248bf35c83e1736cd203033a22378 (commit)
      from  885a2a399dcf25860f471e59af43db2917c39335 (commit)

- Log -----------------------------------------------------------------
commit b2952366dd0248bf35c83e1736cd203033a22378
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon May 11 09:14:11 2020 +0200

    Fix d2i_PrivateKey_ex() to work as documented

    d2i_PrivateKey(), and thereby d2i_PrivateKey_ex(), is documented to
    return keys of the type given as first argument |type|, unconditionally.
    Most specifically, the manual says this:

    > An error occurs if the decoded key does not match type.

    However, when faced with a PKCS#8 wrapped key, |type| was ignored, which
    may lead to unexpected results.

    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11787)


Summary of changes:
 crypto/asn1/d2i_pr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c7346f5424..3ddc56d408 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -58,6 +58,8 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
                 goto err;
             ret = tmp;
+            if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+                goto err;
         } else {
             ASN1err(0, ERR_R_ASN1_LIB);
             goto err;
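
Review bot: The new `goto err` after the `EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)` check puts nothing on the error queue, whereas the `else` branch directly below raises `ASN1err(0, ERR_R_ASN1_LIB)` before jumping. A caller that gets NULL back for a PKCS#8 wrapped key of the wrong type then has no reason to log or report, so raise an ASN1err() with a type-mismatch reason before the jump. The summary also shows only crypto/asn1/d2i_pr.c changing; a regression test that passes a PKCS#8 wrapped key with a non-matching |type| and expects failure would keep the documented behaviour from regressing.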
