author | Todd Short <tshort@akamai.com> | 2019-02-04 16:04:11 -0500 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-08 10:04:13 +0000 |
commit | 3dbec21b4603eb0fde6cd97202d8a374415e1da8 (patch) | |
tree | 3b6a40611d658a4f6649da9944af8fe1d3aced8b | |
parent | ee774d5d3cb38455e8c9d4d73612bf6eebdfa335 (diff) |
Fix d2i_PublicKey() for EC keys

o2i_ECPublicKey() requires an EC_KEY structure filled with an EC_GROUP.
o2i_ECPublicKey() is called by d2i_PublicKey(). In order to fulfill the
o2i_ECPublicKey()'s requirement, d2i_PublicKey() needs to be called with
an EVP_PKEY with an EC_KEY containing an EC_GROUP.

However, the call to EVP_PKEY_set_type() frees any existing key structure
inside the EVP_PKEY, thus freeing the EC_KEY with the EC_GROUP that
o2i_ECPublicKey() needs.

This means you can't d2i_PublicKey() for an EC key...

The fix is to check to see if the type is already set appropriately, and
if so, not call EVP_PKEY_set_type().

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8168)
(cherry picked from commit 2aa2beb06cc25c1f8accdc3d87b946205becfd86)
-rw-r--r-- | crypto/asn1/d2i_pu.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 9452e08a58..778114d765 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -32,7 +32,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, } else ret = *a; - if (!EVP_PKEY_set_type(ret, type)) { + if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) { ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); goto err; } |
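Review bot: The new guard `type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)` skips the reset for every key type whose id already matches, not only EC, while the commit message justifies it only for the EC_KEY/EC_GROUP case. Since EVP_PKEY_set_type() is what frees an existing key structure, any non-EC decode path further down that assigns a freshly decoded key into a caller-supplied `*a` of matching type would now overwrite the old key without it being freed here. Please confirm each of those paths releases or reuses the existing key, or narrow the skip to the EC case. A short comment above the condition saying the existing key is kept on purpose so o2i_ECPublicKey() can find its EC_GROUP would stop a later cleanup from restoring the unconditional call. The diffstat shows only crypto/asn1/d2i_pu.c changed, so a regression test that calls d2i_PublicKey() with an EVP_PKEY already holding an EC_KEY with a group would be worth adding alongside.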