From 10315851d0230646947213ac148747bc64c56798 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 28 Jan 2021 09:00:58 +0100 Subject: X509: Refactor X509_PUBKEY processing to include provider side keys When a SubjectPublicKeyInfo (SPKI) is decoded into an X509_PUBKEY structure, the corresponding EVP_PKEY is automatically added as well. This used to only support our built-in keytypes, and only in legacy form. This is now refactored by making The ASN1 implementation of the X509_PUBKEY an EXTERN_ASN1, resulting in a more manual implementation of the basic support routines. Specifically, the d2i routine will do what was done in the callback before, and try to interpret the input as an EVP_PKEY, first in legacy form, and then using OSSL_DECODER. Fixes #13893 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14281) --- providers/implementations/encode_decode/decode_der2key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'providers/implementations/encode_decode') diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 466a73f908..5073e660cd 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -31,6 +31,7 @@ #include "crypto/evp.h" #include "crypto/ecx.h" #include "crypto/rsa.h" +#include "crypto/x509.h" #include "prov/bio.h" #include "prov/implementations.h" #include "endecoder_local.h" @@ -330,7 +331,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { RESET_ERR_MARK(); derp = der; - pkey = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, NULL); + pkey = d2i_PUBKEY_legacy(NULL, &derp, der_len); } if (pkey != NULL) { -- cgit v1.2.3
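Review bot: In the second hunk (der2key_decode, the OSSL_KEYMGMT_SELECT_PUBLIC_KEY branch), the switch from d2i_PUBKEY_ex to d2i_PUBKEY_legacy drops the libctx argument with no comment saying why the legacy-only variant is wanted at this call site. The commit message says the general d2i routine now tries legacy form first and then OSSL_DECODER, so a reader of this file can infer that the decoder implementation must not call back into a path that uses OSSL_DECODER, but the code does not state it. Please add a short comment above `pkey = d2i_PUBKEY_legacy(NULL, &derp, der_len);` recording that intent, so that a later cleanup does not restore the _ex call. It would also help to note there that keys decoded on this path are no longer tied to the caller's libctx at decode time, if that is the intended behaviour. The new `#include "crypto/x509.h"` in the first hunk appears to exist only for this call; if so, saying that in the same comment keeps the two changes linked.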