From 576892d78f80cf9a169e7f766319c843e430f378 Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Wed, 2 Dec 2020 17:52:24 +1000
Subject: Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys).
Fixes #13522
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/13591)
---
 .../implementations/encode_decode/decode_der2key.c | 5 +++--
 .../implementations/encode_decode/encode_key2any.c | 24 +++++++++++++++++++++-
 2 files changed, 26 insertions(+), 3 deletions(-)
(limited to 'providers/implementations/encode_decode')
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 4018d2021b..466a73f908 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -28,6 +28,7 @@
 #include "crypto/dh.h"
 #include "crypto/dsa.h"
 #include "crypto/ec.h"
+#include "crypto/evp.h"
 #include "crypto/ecx.h"
 #include "crypto/rsa.h"
 #include "prov/bio.h"
@@ -321,8 +322,8 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
 derp = der;
- pkey = d2i_PrivateKey_ex(ctx->desc->evp_type, NULL, &derp, der_len,
- libctx, NULL);
+ pkey = evp_privatekey_from_binary(ctx->desc->evp_type, NULL,
+ &derp, der_len, libctx, NULL);
 }
 if (pkey == NULL
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index 883c33334d..32d99837b2 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
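Review bot: The switch from `d2i_PrivateKey_ex()` to the internal `evp_privatekey_from_binary()` in der2key_decode carries no comment explaining why a provider decoder has to bypass the public entry point. Judging from the commit subject, the public d2i functions are being routed through the decoder framework elsewhere in this commit (that part is outside this view, which is limited to providers/implementations/encode_decode), so calling them here would presumably re-enter this decoder. A short comment above the call, e.g. `/* Use the internal binary parser: the public d2i_PrivateKey_ex() goes through OSSL_DECODER and would recurse into this decoder */`, would keep a later cleanup from reverting it; the wording should be confirmed against the crypto/ side of the change. der2key_decode starts and ends outside the hunk.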
@@ -60,6 +60,20 @@ typedef int key_to_der_fn(BIO *out, const void *key,
 struct key2any_ctx_st *ctx);
 typedef int write_bio_of_void_fn(BIO *bp, const void *x);
+
+/* Free the blob allocated during key_to_paramstring_fn */
+static void free_asn1_data(int type, void *data)
+{
+ switch(type) {
+ case V_ASN1_OBJECT:
+ ASN1_OBJECT_free(data);
+ break;
+ case V_ASN1_SEQUENCE:
+ ASN1_STRING_free(data);
+ break;
+ }
+}
+
 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
 void *params, int params_type,
 i2d_of_void *k2d)
@@ -70,7 +84,6 @@ static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
 /* The final PKCS#8 info */
 PKCS8_PRIV_KEY_INFO *p8info = NULL;
-
 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
 || (derlen = k2d(key, &der)) <= 0
 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
@@ -113,6 +126,9 @@ static X509_SIG *key_to_encp8(const void *key, int key_nid,
 key_to_p8info(key, key_nid, params, params_type, k2d);
 X509_SIG *p8 = p8info_to_encp8(p8info, ctx);
+ if (p8info == NULL)
+ free_asn1_data(params_type, params);
+
 PKCS8_PRIV_KEY_INFO_free(p8info);
 return p8;
 }
@@ -174,6 +190,8 @@ static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key,
 if (p8info != NULL)
 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
+ else
+ free_asn1_data(strtype, str);
 PKCS8_PRIV_KEY_INFO_free(p8info);
 }
@@ -208,6 +226,8 @@ static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key,
 if (p8info != NULL)
 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
+ else
+ free_asn1_data(strtype, str);
 PKCS8_PRIV_KEY_INFO_free(p8info);
 }
@@ -259,6 +279,8 @@ static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
 if (xpk != NULL)
 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
+ else
+ free_asn1_data(strtype, str);
 /* Also frees |str| */
 X509_PUBKEY_free(xpk);
--
cgit v1.2.3
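Review bot: `free_asn1_data()` has no `default` case, so a parameter blob of any type other than V_ASN1_OBJECT or V_ASN1_SEQUENCE is silently left unfreed on the failure paths that call it. If the key_to_paramstring_fn implementations can only return those two types (or no data at all), the header comment should say so and the fall-through should be explicit with `default: break;`; if they can return anything else, that type needs its own case. The comment should also state that the helper is meant for the failure path only, since the `/* Also frees |str| */` remark in key_to_spki_pem_pub_bio indicates that on success the blob belongs to the container it was attached to. `switch(type)` is also missing the space after the keyword that the surrounding `if (` statements use.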
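Review bot: In key_to_encp8 the new `if (p8info == NULL)` check runs only after `p8info` has already been handed to `p8info_to_encp8(p8info, ctx)`, so a failed key_to_p8info() still reaches the encryption helper with a NULL input. Whether that helper tolerates NULL is not visible in this hunk; if it does not, the check belongs before the call, with the declaration split so that `if (p8info == NULL) { free_asn1_data(params_type, params); return NULL; }` comes first and `p8 = p8info_to_encp8(p8info, ctx);` follows. The function's signature and opening lines are outside the hunk.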
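Review bot: The `else free_asn1_data(strtype, str);` branch in key_to_pkcs8_der_priv_bio depends on an ownership rule that is not documented at the call site: the helper that builds the container takes over `str` only when it succeeds. If a helper ever frees or attaches `str` before failing, this branch becomes a double free, so the contract is worth writing down, e.g. `/* key_to_p8info() failed, so |str| is still ours to free */` above the `else`. The same applies to the identical branches in key_to_pkcs8_pem_priv_bio and key_to_spki_pem_pub_bio, the latter naming whichever helper produces `xpk`, which is not visible in its hunk. All three function bodies start and end outside their hunks.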