Fix d2i_PrivateKey() to work as documented
authorRichard Levitte <levitte@openssl.org>
Mon, 11 May 2020 07:14:11 +0000 (09:14 +0200)
committerRichard Levitte <levitte@openssl.org>
Wed, 20 May 2020 19:27:53 +0000 (21:27 +0200)
d2i_PrivateKey() is documented to return keys of the type given as
first argument |type|, unconditionally.  Most specifically, the manual
says this:

> An error occurs if the decoded key does not match type.

However, when faced of a PKCS#8 wrapped key, |type| was ignored, which
may lead to unexpected results.

(cherry picked from commit b2952366dd0248bf35c83e1736cd203033a22378)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11888)

crypto/asn1/d2i_pr.c

index 6ec0107380493dcca4abb31285254e700805797c..ac1a8c429a24bb777def685e172c000c907cc2d0 100644 (file)
@@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                 goto err;
             EVP_PKEY_free(ret);
             ret = tmp;
+            if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+                goto err;
         } else {
             ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
             goto err;