[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Sun May 30 23:16:56 UTC 2021


The branch master has been updated
       via  3811e0019aa8340b413e65fcf81d4b726f437c93 (commit)
      from  3068a183ae3a6eba858aa23b2a4d9f7d2ba8a4c1 (commit)


- Log -----------------------------------------------------------------
commit 3811e0019aa8340b413e65fcf81d4b726f437c93
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 21 11:55:33 2021 +0100

    Special case SM2 when decoding
    
    SM2 abuses the EC oid by reusing it - but an EC key is different to an SM2
    key. Therefore we have to special case SM2 during decoding. If we encounter
    the EC OID then we have to try both algorithms.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/15522)

-----------------------------------------------------------------------

Summary of changes:
 crypto/encode_decode/decoder_pkey.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index fb8f0d219b..0bb068ae68 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -294,6 +294,12 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
     STACK_OF(EVP_KEYMGMT) *keymgmts = NULL;
     STACK_OF(OPENSSL_CSTRING) *names = NULL;
     int ok = 0;
+    int isecoid = 0;
+
+    if (keytype != NULL
+            && (strcmp(keytype, "id-ecPublicKey") == 0
+                || strcmp(keytype, "1.2.840.10045.2.1") == 0))
+        isecoid = 1;
 
     if ((process_data = OPENSSL_zalloc(sizeof(*process_data))) == NULL
         || (propquery != NULL
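Review bot: The `isecoid` test in this hunk is an exact, case-sensitive `strcmp` against two hard-coded literals ("id-ecPublicKey" and "1.2.840.10045.2.1"), so any other spelling of the same identifier passed in `keytype` leaves `isecoid` at 0 and silently skips the SM2 fallback. Consider adding a short comment at the `isecoid` declaration stating that only these two forms are meant to trigger the fallback, and moving the literals into named constants so the later SM2 check and this one cannot drift apart. The explanation of why the flag exists currently lives only in the comment of the next hunk.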
@@ -317,8 +323,13 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
         /*
          * If the key type is given by the caller, we only use the matching
          * KEYMGMTs, otherwise we use them all.
+         * We have to special case SM2 here because of its abuse of the EC OID.
+         * The EC OID can be used to identify an EC key or an SM2 key - so if
+         * we have seen that OID we try both key types
          */
-        if (keytype == NULL || EVP_KEYMGMT_is_a(keymgmt, keytype)) {
+        if (keytype == NULL
+                || EVP_KEYMGMT_is_a(keymgmt, keytype)
+                || (isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))) {
             if (!EVP_KEYMGMT_names_do_all(keymgmt, collect_name, names)) {
                 ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
                 goto err;
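Review bot: The added `(isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))` branch widens the set of KEYMGMTs collected whenever the EC OID was requested, which means a caller that asked for an EC key by OID can now be handed an SM2 key. The comment should say where the two candidates are told apart afterwards, or state that the caller is expected to check the type of the returned key, since nothing in the visible lines does so. The summary shows only decoder_pkey.c changed, so a test that decodes an SM2 key labelled with the EC OID, plus one confirming that a plain EC key still decodes as EC, would be worth adding with this change. Minor style point: the last sentence of the new comment is missing its full stop.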

