author | Matt Caswell <matt@openssl.org> | 2021-05-27 16:48:37 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-06-08 18:53:28 +0100 |
commit | 29bf83c889c44236f33004ea2a6126c6d92e8b7a (patch) | |
tree | a33c72bb468b0eb55f4763bd54b9bede70871c10 /crypto | |
parent | f8da1d800580fb521b450b51f9e07ad1c3c1798d (diff) |
Only use the legacy route to decode a public key if we have to
We should use a provider to decode a SubjectPublicKeyInfo structure if
we can. We should only use the legacy route if we are forcing legacy, or
if an ENGINE supplies a pkey method for the key's algorithm.
Fixes #15393
Fixes #15327
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x_pubkey.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 3eb21a0c79..ace4b533fe 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -17,6 +17,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include <openssl/engine.h>
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 #include "crypto/x509.h"
@@ -362,14 +363,30 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
  */
 static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key)
 {
-    EVP_PKEY *pkey = EVP_PKEY_new();
+    EVP_PKEY *pkey;
+    int nid;
+
+    nid = OBJ_obj2nid(key->algor->algorithm);
+    if (!key->flag_force_legacy) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e = NULL;
+
+        e = ENGINE_get_pkey_meth_engine(nid);
+        if (e == NULL)
+            return 0;
+        ENGINE_finish(e);
+#else
+        return 0;
+#endif
+    }
+    pkey = EVP_PKEY_new();
     if (pkey == NULL) {
         ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
         return -1;
     }
-    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
+    if (!EVP_PKEY_set_type(pkey, nid)) {
         ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM);
         goto error;
     } |
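Review bot: The new `#include <openssl/engine.h>` in the first hunk is unconditional while its only consumer, the `ENGINE_get_pkey_meth_engine()` call in `x509_pubkey_decode()`, is compiled under `#ifndef OPENSSL_NO_ENGINE`; engine.h presumably guards its own contents so the no-engine build still compiles, but mirroring the use site with `# ifndef OPENSSL_NO_ENGINE` / `#  include <openssl/engine.h>` / `# endif` would make the dependency explicit. Since the ENGINE API is deprecated in 3.0, this include also compiles warning-free only if `internal/deprecated.h` (or `OPENSSL_SUPPRESS_DEPRECATED`) already precedes it, which the hunk cannot show because it starts at line 17 — likely already the case for this file, but worth confirming. The include block continues above the hunk.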