mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

ossl_cmp_certreq_new(): Fix POPO key mismatch in case newPkey is just public key

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13409)
This commit is contained in:
Dr. David von Oheimb 2020-11-13 21:45:46 +01:00
parent 8c5c2fa544
commit f87ead9801
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/cmp/cmp_msg.c
View File

@ -334,7 +334,12 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
if (type != OSSL_CMP_PKIBODY_P10CR) {
EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
if (privkey == NULL)
/*
* privkey is NULL in case ctx->newPkey does not include a private key.
* We then may try to use ctx->pkey as fallback/default, but only
* if ctx-> newPkey does not include a (non-matching) public key:
*/
if (privkey == NULL && OSSL_CMP_CTX_get0_newPkey(ctx, 0) == NULL)
privkey = ctx->pkey; /* default is independent of ctx->oldCert */
if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);