Distinguish unrecognized SPKI/PKCS8 key types from syntax errors.

Change-Id: Ia24aae31296772e2ddccf78f10a6640da459adf7
Reviewed-on: https://boringssl-review.googlesource.com/28548
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

crypto/evp/evp_asn1.c

@@ -100,10 +100,16 @@ EVP_PKEY *EVP_parse_public_key(CBS *cbs) {
   uint8_t padding;
   if (!CBS_get_asn1(cbs, &spki, CBS_ASN1_SEQUENCE) ||
       !CBS_get_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
-      !parse_key_type(&algorithm, &type) ||
       !CBS_get_asn1(&spki, &key, CBS_ASN1_BITSTRING) ||
-      CBS_len(&spki) != 0 ||
+      CBS_len(&spki) != 0) {
-      // Every key type defined encodes the key as a byte string with the same
+    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
+    return NULL;
+  }
+  if (!parse_key_type(&algorithm, &type)) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
+    return NULL;
+  }
+  if (// Every key type defined encodes the key as a byte string with the same
       // conversion to BIT STRING.
       !CBS_get_u8(&key, &padding) ||
       padding != 0) {
@@ -152,11 +158,14 @@ EVP_PKEY *EVP_parse_private_key(CBS *cbs) {
       !CBS_get_asn1_uint64(&pkcs8, &version) ||
       version != 0 ||
       !CBS_get_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
-      !parse_key_type(&algorithm, &type) ||
       !CBS_get_asn1(&pkcs8, &key, CBS_ASN1_OCTETSTRING)) {
     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
     return NULL;
   }
+  if (!parse_key_type(&algorithm, &type)) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
+    return NULL;
+  }
 
   // A PrivateKeyInfo ends with a SET of Attributes which we ignore.