mirror of
https://github.com/QuasarApp/openssl.git
synced 2025-05-08 07:29:41 +00:00
65ef000ec2
The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)