github.com/openssl/openssl.git
author: Richard Levitte <levitte@openssl.org> 2020-05-11 10:14:11 +0300
committer: Richard Levitte <levitte@openssl.org> 2020-05-12 07:48:47 +0300
commit: b2952366dd0248bf35c83e1736cd203033a22378 (patch)
tree: a057c8393fcee475d54a6fa0165511b4bb518a19 /crypto/asn1/d2i_pr.c
parent: 885a2a399dcf25860f471e59af43db2917c39335 (diff)
Fix d2i_PrivateKey_ex() to work as documented
d2i_PrivateKey(), and thereby d2i_PrivateKey_ex(), is documented to return keys of the type given as first argument |type|, unconditionally. Most specifically, the manual says this:

> An error occurs if the decoded key does not match type.

However, when faced with a PKCS#8 wrapped key, |type| was ignored, which may lead to unexpected results.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11787)
Diffstat (limited to 'crypto/asn1/d2i_pr.c')
-rw-r--r-- crypto/asn1/d2i_pr.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index c7346f5424..3ddc56d408 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -58,6 +58,8 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
goto err;
EVP_PKEY_free(ret);
ret = tmp;
+ if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+ goto err;
} else {
ASN1err(0, ERR_R_ASN1_LIB);
goto err;
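Review bot: the added `goto err` after `ret = tmp;` fails without recording an error, whereas the else branch just below calls ASN1err(0, ERR_R_ASN1_LIB) before jumping. Unless the err path adds one itself, a caller that passes a PKCS#8 wrapped key of the wrong type gets a failure with nothing in the error queue to say that the type did not match. Consider raising an ASN1err() with a suitable reason before the jump, and adding a one-line comment tying the check to the documented rule that an error occurs if the decoded key does not match type. Because `ret` already holds `tmp` when the jump is taken, it is also worth confirming that the err path releases it correctly, and a regression test that decodes a PKCS#8 wrapped key with a mismatched |type| would pin the behavior down.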