From db196aab503073253c060073a358123063780636 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Tue, 15 May 2018 17:04:01 -0400 Subject: [PATCH] Distinguish unrecognized SPKI/PKCS8 key types from syntax errors. Change-Id: Ia24aae31296772e2ddccf78f10a6640da459adf7 Reviewed-on: https://boringssl-review.googlesource.com/28548 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/evp/evp_asn1.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c index bcb86d76..81c7a715 100644 --- a/crypto/evp/evp_asn1.c +++ b/crypto/evp/evp_asn1.c @@ -100,10 +100,16 @@ EVP_PKEY *EVP_parse_public_key(CBS *cbs) { uint8_t padding; if (!CBS_get_asn1(cbs, &spki, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) || - !parse_key_type(&algorithm, &type) || !CBS_get_asn1(&spki, &key, CBS_ASN1_BITSTRING) || - CBS_len(&spki) != 0 || - // Every key type defined encodes the key as a byte string with the same + CBS_len(&spki) != 0) { + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); + return NULL; + } + if (!parse_key_type(&algorithm, &type)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); + return NULL; + } + if (// Every key type defined encodes the key as a byte string with the same // conversion to BIT STRING. !CBS_get_u8(&key, &padding) || padding != 0) { @@ -152,11 +158,14 @@ EVP_PKEY *EVP_parse_private_key(CBS *cbs) { !CBS_get_asn1_uint64(&pkcs8, &version) || version != 0 || !CBS_get_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) || - !parse_key_type(&algorithm, &type) || !CBS_get_asn1(&pkcs8, &key, CBS_ASN1_OCTETSTRING)) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return NULL; } + if (!parse_key_type(&algorithm, &type)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); + return NULL; + } // A PrivateKeyInfo ends with a SET of Attributes which we ignore.