authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-11-13 21:45:46 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-11-20 13:36:30 +0100
commitf87ead980187ba39c66eb6ed5825603ea343b73f (patch)
tree2e4ff347f73f300a65caa167125c3c9de4872a1b
parent8c5c2fa544e8ca05bb756e99dbc9cb5ed82db37c (diff)
ossl_cmp_certreq_new(): Fix POPO key mismatch in case newPkey is just public key
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13409)
-rw-r--r--crypto/cmp/cmp_msg.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 1a4a873168..45cda58879 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -334,7 +334,12 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
if (type != OSSL_CMP_PKIBODY_P10CR) {
EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
- if (privkey == NULL)
+ /*
+ * privkey is NULL in case ctx->newPkey does not include a private key.
+ * We then may try to use ctx->pkey as fallback/default, but only
+ * if ctx-> newPkey does not include a (non-matching) public key:
+ */
+ if (privkey == NULL && OSSL_CMP_CTX_get0_newPkey(ctx, 0) == NULL)
privkey = ctx->pkey; /* default is independent of ctx->oldCert */
if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);