diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-01 18:54:06 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-08-24 11:27:12 +0200 |
| commit | 293ab820812b3979161c5f018c2e753bcd3b11a4 (patch) | |
| tree | 0c4a84a95852712e6ddc56ae65463a21e44d2377 /crypto/crmf | |
| parent | c0f6792b81784be05c5e51156767a873bca1b374 (diff) | |
| download | openssl-new-293ab820812b3979161c5f018c2e753bcd3b11a4.tar.gz | |
CRMF: make create_popo_signature() check that pubkey and pkey match
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18930)
Diffstat (limited to 'crypto/crmf')
| -rw-r--r-- | crypto/crmf/crmf_lib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index e28c7fe9be..aaafda4ba3 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -31,6 +31,7 @@ #include "crmf_local.h" #include "internal/constant_time.h" #include "internal/sizes.h" +#include "crypto/x509.h" /* explicit #includes not strictly needed since implied by the above: */ #include <openssl/crmf.h> @@ -370,11 +371,16 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, OSSL_LIB_CTX *libctx, const char *propq) { char name[80] = ""; + EVP_PKEY *pub; if (ps == NULL || cr == NULL || pkey == NULL) { ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); return 0; } + pub = X509_PUBKEY_get0(cr->certTemplate->publicKey); + if (!ossl_x509_check_private_key(pub, pkey)) + return 0; + if (ps->poposkInput != NULL) { /* We do not support cases 1+2 defined in RFC 4211, section 4.1 */ ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED); |