From: Matt Caswell Date: Fri, 4 Jun 2021 13:16:42 +0000 (+0100) Subject: Simplify error reporting in X509_PUBKEY_get0() X-Git-Tag: openssl-3.0.0-beta1~129 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1df8322ce0b54d171dea1a364a3c78a8a4980f65;p=thirdparty%2Fopenssl.git Simplify error reporting in X509_PUBKEY_get0() The X509_PUBKEY_get0() was attempting to recreate any errors that might have occurred from the earlier decode process when obtaining the EVP_PKEY. This is brittle at best and the approach would only work with legacy keys. We remove this and just report an error directly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) --- diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 20216bd9229..3f447c4c12f 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -414,30 +414,18 @@ static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key) { - EVP_PKEY *ret = NULL; - - if (key == NULL || key->public_key == NULL) + if (key == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return NULL; + } - if (key->pkey != NULL) - return key->pkey; - - /* - * When the key ASN.1 is initially parsed an attempt is made to - * decode the public key and cache the EVP_PKEY structure. If this - * operation fails the cached value will be NULL. Parsing continues - * to allow parsing of unknown key types or unsupported forms. - * We repeat the decode operation so the appropriate errors are left - * in the queue. - */ - x509_pubkey_decode(&ret, key); - /* If decode doesn't fail something bad happened */ - if (ret != NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); - EVP_PKEY_free(ret); + if (key->pkey == NULL) { + /* We failed to decode the key when we loaded it, or it was never set */ + ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); + return NULL; } - return NULL; + return key->pkey; } EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key)
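Review bot: In the new `if (key->pkey == NULL)` branch of X509_PUBKEY_get0(), a structure whose key was never set is reported with the same `EVP_R_DECODE_ERROR` as one whose decode failed at load time. The removed code returned NULL without queuing anything for `key == NULL || key->public_key == NULL`, so both the NULL-argument case and the never-set case change from silent to error-raising. Consider keeping a separate `key->public_key == NULL` check so "no key present" can be told apart from "key could not be decoded". Please also note the behaviour change in the function's documentation, since callers that treat a NULL return as non-fatal (for example when handling unknown or unsupported key types) will now leave an entry on the error queue. A smaller point: the two branches raise under different libraries (`ERR_LIB_X509` for the NULL parameter, `ERR_LIB_EVP` for the decode error) even though both originate in crypto/x509/x_pubkey.c. If that is deliberate, the in-code comment should say why.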