authorRichard Levitte <levitte@openssl.org>2020-08-27 07:18:55 +0200
committerRichard Levitte <levitte@openssl.org>2020-08-28 20:51:17 +0200
commit56456c3404b0ec27f93816d951ff7a58827481f0 (patch)
tree4dd33d969847a0ffdbd7cb525088127a4b98bef3 /crypto/pem
parent28499baca599413fe775c59433159b6188d9bedb (diff)
Fix PEM_write_bio_PrivateKey_traditional() to not output PKCS#8
PEM_write_bio_PrivateKey_traditional() uses i2d_PrivateKey() to do the actual encoding to DER. However, i2d_PrivateKey() is a generic function that will do what it can to produce output according to what the associated EVP_PKEY_ASN1_METHOD offers. If that method offers a function 'old_priv_encode', which is expected to produce the "traditional" encoded form, then i2d_PrivateKey() uses that. If not, i2d_PrivateKey() will go on and use more modern methods, which are all expected to produce PKCS#8. To ensure that PEM_write_bio_PrivateKey_traditional() never produces more modern encoded forms, an extra check that 'old_priv_encode' is non-NULL is added. If it is NULL, an error is returned. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12729)
Diffstat (limited to 'crypto/pem')
-rw-r--r--crypto/pem/pem_err.c6
-rw-r--r--crypto/pem/pem_pkey.c6
2 files changed, 11 insertions, 1 deletions
diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
index f642030aa5..0f3cb02407 100644
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -60,6 +60,8 @@ static const ERR_STRING_DATA PEM_str_functs[] = {
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"},
+ {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, 0),
+ "PEM_write_bio_PrivateKey_traditional"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0),
"PEM_write_PrivateKey"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"},
@@ -109,6 +111,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = {
"unsupported encryption"},
{ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
"unsupported key components"},
+ {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+ "unsupported public key type"},
{0, NULL}
};
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index e58cdf4a3e..7bd9aa097e 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -108,6 +108,12 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
pem_password_cb *cb, void *u)
{
char pem_str[80];
+
+ if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) {
+ PEMerr(PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL,
+ PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return 0;
+ }
BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
pem_str, bp, x, enc, kstr, klen, cb, u);
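Review bot: The new guard in PEM_write_bio_PrivateKey_traditional() has no comment saying why `old_priv_encode` is tested, so the reason lives only in the commit message: without it i2d_PrivateKey() falls back to PKCS#8 and that output is written under a "<type> PRIVATE KEY" label. I would add above the `if`: `/* i2d_PrivateKey() emits PKCS#8 when old_priv_encode is NULL; refuse rather than mislabel the output */`. The reason code `PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE` puts "unsupported public key type" on the error queue while a private key is being written, which may mislead someone diagnosing a failed export; the same comment could note that it refers to the key algorithm. Callers that previously received PKCS#8 for such key types now get 0, so the function's documentation should presumably mention this failure case. The signature starts above the hunk and the body closes below it.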