diff options
| author | David Benjamin <davidben@google.com> | 2016-02-17 22:52:08 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2016-03-01 03:06:55 +0300 |
| commit | 2c198fae28c13f7cdeadd33dc7f68036310edbe5 (patch) | |
| tree | a9a44f020bd92163294225b63719ca670035d4d4 /crypto/evp | |
| parent | 886119b9f73b4fe0159c2ab793cccb3fa96ace99 (diff) | |
Enforce that d2i_PrivateKey returns a key of the specified type.
If d2i_PrivateKey hit the PKCS#8 codepath, it didn't enforce that the key was
of the specified type.
Note that this requires tweaking d2i_AutoPrivateKey slightly. A PKCS #8
PrivateKeyInfo may have 3 or 4 elements (optional attributes), so we were
relying on this bug for d2i_AutoPrivateKey to work.
Change-Id: If50b7a742f535d208e944ba37c3a585689d1da43
Reviewed-on: https://boringssl-review.googlesource.com/7253
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/evp')
| -rw-r--r-- | crypto/evp/evp_asn1.c | 35 | ||||
| -rw-r--r-- | crypto/evp/evp_extra_test.cc | 9 |
2 files changed, 28 insertions, 16 deletions
diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c index f9bd51c0..ecf304cd 100644 --- a/crypto/evp/evp_asn1.c +++ b/crypto/evp/evp_asn1.c @@ -223,6 +223,11 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, if (ret == NULL) { return NULL; } + if (ret->type != type) { + OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES); + EVP_PKEY_free(ret); + return NULL; + } } if (out != NULL) { @@ -261,24 +266,22 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) { return NULL; } - /* Count the elements to determine the format. */ - switch (num_elements(*inp, (size_t)len)) { - case 3: { - /* Parse the input as a PKCS#8 PrivateKeyInfo. */ - CBS cbs; - CBS_init(&cbs, *inp, (size_t)len); - EVP_PKEY *ret = EVP_parse_private_key(&cbs); - if (ret == NULL) { - return NULL; - } - if (out != NULL) { - EVP_PKEY_free(*out); - *out = ret; - } - *inp = CBS_data(&cbs); - return ret; + /* Parse the input as a PKCS#8 PrivateKeyInfo. */ + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + EVP_PKEY *ret = EVP_parse_private_key(&cbs); + if (ret != NULL) { + if (out != NULL) { + EVP_PKEY_free(*out); + *out = ret; } + *inp = CBS_data(&cbs); + return ret; + } + ERR_clear_error(); + /* Count the elements to determine the legacy key format. */ + switch (num_elements(*inp, (size_t)len)) { case 4: return d2i_PrivateKey(EVP_PKEY_EC, out, inp, len); diff --git a/crypto/evp/evp_extra_test.cc b/crypto/evp/evp_extra_test.cc index 0d035277..3d08638d 100644 --- a/crypto/evp/evp_extra_test.cc +++ b/crypto/evp/evp_extra_test.cc @@ -640,6 +640,15 @@ static bool Testd2i_PrivateKey(void) { } ERR_clear_error(); + derp = kExampleRSAKeyPKCS8; + pkey.reset(d2i_PrivateKey(EVP_PKEY_EC, nullptr, &derp, + sizeof(kExampleRSAKeyPKCS8))); + if (pkey) { + fprintf(stderr, "Imported RSA key as EC key.\n"); + return false; + } + ERR_clear_error(); + return true; } |