From: Richard Levitte Date: Mon, 11 May 2020 07:14:11 +0000 (+0200) Subject: Fix d2i_PrivateKey_ex() to work as documented X-Git-Tag: openssl-3.0.0-alpha2~49 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b2952366dd0248bf35c83e1736cd203033a22378;p=oweals%2Fopenssl.git Fix d2i_PrivateKey_ex() to work as documented d2i_PrivateKey(), and thereby d2i_PrivateKey_ex(), is documented to return keys of the type given as first argument |type|, unconditionally. Most specifically, the manual says this: > An error occurs if the decoded key does not match type. However, when faced of a PKCS#8 wrapped key, |type| was ignored, which may lead to unexpected results. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11787) --- diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index c7346f5424..3ddc56d408 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -58,6 +58,8 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp, goto err; EVP_PKEY_free(ret); ret = tmp; + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + goto err; } else { ASN1err(0, ERR_R_ASN1_LIB); goto err;
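Review bot: the new check `if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) goto err;` in the PKCS#8 branch bails out without recording an error reason, whereas the adjacent else branch calls `ASN1err(0, ERR_R_ASN1_LIB)` before its `goto err`; a caller that gets NULL because the decoded key does not match `type` would therefore find an empty error queue and could not tell a type mismatch from any other failure, so consider raising an ASN1 error with a wrong-type reason before the jump. Also worth confirming that the code at the err label frees `ret`, since by the time the new check runs `ret` already holds the freshly decoded `tmp` and the old value has been released by `EVP_PKEY_free(ret)`.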