From: Richard Levitte <levitte@openssl.org>
Date: Sun, 2 Aug 2020 14:41:04 +0000 (+0200)
Subject: EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()
X-Git-Tag: openssl-3.0.0-alpha7~401
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b5275648843ace1a441521823913ccbbebb8769c;p=thirdparty%2Fopenssl.git

EVP: Downgrade EVP_PKEYs in EVP_PKEY2PKCS8()

EVP_PKEY2PKCS8() relies on the presence of an EVP_PKEY_ASN1_METHOD,
which requires "downgrading" the EVP_PKEY to have a legacy internal
key.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
---

diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 92ae3e5fe8f..d435c86087c 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -77,6 +77,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey)
         return NULL;
     }
 
+    /* Force a key downgrade if that's possible */
+    /* TODO(3.0) Is there a better way for provider-native keys? */
+    if (EVP_PKEY_get0(pkey) == NULL)
+        return NULL;
+
     if (pkey->ameth) {
         if (pkey->ameth->priv_encode) {
             if (!pkey->ameth->priv_encode(p8, pkey)) {