pkey: give input_type to OSSL_DECODER_CTX

DER encoding may be ambiguous because it doesn't contain information
about the key type or format. For example, DHParameters and
RSAPublicKey look identical on the DER encoding, which is a SEQUENCE
with two INTEGER inside.

Author: rhenium

ext/openssl/ossl_pkey.c

@@ -83,14 +83,14 @@ ossl_pkey_new(EVP_PKEY *pkey)
 # include <openssl/decoder.h>
 
 EVP_PKEY *
-ossl_pkey_read_generic(BIO *bio, VALUE pass)
+ossl_pkey_read_generic(BIO *bio, VALUE pass, const char *input_type)
 {
     void *ppass = (void *)pass;
     OSSL_DECODER_CTX *dctx;
     EVP_PKEY *pkey = NULL;
     int pos = 0, pos2;
 
-    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, NULL, 0, NULL, NULL);
+    dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, input_type, 0, NULL, NULL);
     if (!dctx)
         goto out;
     if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb, ppass) != 1)
@@ -158,7 +158,7 @@ ossl_pkey_read_generic(BIO *bio, VALUE pass)
 }
 #else
 EVP_PKEY *
-ossl_pkey_read_generic(BIO *bio, VALUE pass)
+ossl_pkey_read_generic(BIO *bio, VALUE pass, const char *input_type)
 {
     void *ppass = (void *)pass;
     EVP_PKEY *pkey;
@@ -183,6 +183,31 @@ ossl_pkey_read_generic(BIO *bio, VALUE pass)
 	goto out;
 
   out:
+    /* This is to mimic OSSL_DECODER_CTX's input_type parameter */
+    if (pkey && input_type) {
+        switch (EVP_PKEY_base_id(pkey)) {
+          case EVP_PKEY_RSA:
+            if (!strcmp(input_type, "RSA"))
+                return pkey;
+            break;
+          case EVP_PKEY_DSA:
+            if (!strcmp(input_type, "DSA"))
+                return pkey;
+            break;
+          case EVP_PKEY_DH:
+            if (!strcmp(input_type, "DH"))
+                return pkey;
+            break;
+#if !defined(OPENSSL_NO_EC)
+          case EVP_PKEY_EC:
+            if (!strcmp(input_type, "EC"))
+                return pkey;
+            break;
+#endif
+        }
+        EVP_PKEY_free(pkey);
+        return NULL;
+    }
     return pkey;
 }
 #endif
@@ -212,7 +237,7 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
 
     rb_scan_args(argc, argv, "11", &data, &pass);
     bio = ossl_obj2bio(&data);
-    pkey = ossl_pkey_read_generic(bio, ossl_pem_passwd_value(pass));
+    pkey = ossl_pkey_read_generic(bio, ossl_pem_passwd_value(pass), NULL);
     BIO_free(bio);
     if (!pkey)
 	ossl_raise(ePKeyError, "Could not parse PKey");

ext/openssl/ossl_pkey.h

@@ -29,7 +29,7 @@ extern const rb_data_type_t ossl_evp_pkey_type;
 /* Takes ownership of the EVP_PKEY */
 VALUE ossl_pkey_new(EVP_PKEY *);
 void ossl_pkey_check_public_key(const EVP_PKEY *);
-EVP_PKEY *ossl_pkey_read_generic(BIO *, VALUE);
+EVP_PKEY *ossl_pkey_read_generic(BIO *bio, VALUE pass, const char *input_type);
 EVP_PKEY *GetPKeyPtr(VALUE);
 EVP_PKEY *DupPKeyPtr(VALUE);
 EVP_PKEY *GetPrivPKeyPtr(VALUE);

ext/openssl/ossl_pkey_dh.c

@@ -73,7 +73,6 @@ static VALUE
 ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
 {
     EVP_PKEY *pkey;
-    int type;
 #ifndef OSSL_HAVE_PROVIDER
     DH *dh;
 #endif
@@ -110,16 +109,10 @@ ossl_dh_initialize(int argc, VALUE *argv, VALUE self)
     OSSL_BIO_reset(in);
 #endif
 
-    pkey = ossl_pkey_read_generic(in, Qnil);
+    pkey = ossl_pkey_read_generic(in, Qnil, "DH");
     BIO_free(in);
     if (!pkey)
         ossl_raise(eDHError, "could not parse pkey");
-
-    type = EVP_PKEY_base_id(pkey);
-    if (type != EVP_PKEY_DH) {
-        EVP_PKEY_free(pkey);
-        rb_raise(eDHError, "incorrect pkey type: %s", OBJ_nid2sn(type));
-    }
     RTYPEDDATA_DATA(self) = pkey;
     return self;
 

ext/openssl/ossl_pkey_dsa.c

@@ -89,7 +89,6 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
 #endif
     BIO *in = NULL;
     VALUE arg, pass;
-    int type;
 
     TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
     if (pkey)
@@ -122,16 +121,10 @@ ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
     OSSL_BIO_reset(in);
 #endif
 
-    pkey = ossl_pkey_read_generic(in, pass);
+    pkey = ossl_pkey_read_generic(in, pass, "DSA");
     BIO_free(in);
     if (!pkey)
         ossl_raise(eDSAError, "Neither PUB key nor PRIV key");
-
-    type = EVP_PKEY_base_id(pkey);
-    if (type != EVP_PKEY_DSA) {
-        EVP_PKEY_free(pkey);
-        rb_raise(eDSAError, "incorrect pkey type: %s", OBJ_nid2sn(type));
-    }
     RTYPEDDATA_DATA(self) = pkey;
     return self;
 

ext/openssl/ossl_pkey_ec.c

@@ -142,7 +142,6 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
     EC_KEY *ec;
     BIO *in;
     VALUE arg, pass;
-    int type;
 
     TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
     if (pkey)
@@ -163,19 +162,13 @@ static VALUE ossl_ec_key_initialize(int argc, VALUE *argv, VALUE self)
     arg = ossl_to_der_if_possible(arg);
     in = ossl_obj2bio(&arg);
 
-    pkey = ossl_pkey_read_generic(in, pass);
+    pkey = ossl_pkey_read_generic(in, pass, "EC");
     BIO_free(in);
     if (!pkey) {
         ossl_clear_error();
         ec = ec_key_new_from_group(arg);
         goto legacy;
     }
-
-    type = EVP_PKEY_base_id(pkey);
-    if (type != EVP_PKEY_EC) {
-        EVP_PKEY_free(pkey);
-        rb_raise(eDSAError, "incorrect pkey type: %s", OBJ_nid2sn(type));
-    }
     RTYPEDDATA_DATA(self) = pkey;
     return self;
 

ext/openssl/ossl_pkey_rsa.c

@@ -82,7 +82,6 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
 #endif
     BIO *in = NULL;
     VALUE arg, pass;
-    int type;
 
     TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey);
     if (pkey)
@@ -118,16 +117,10 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self)
 #endif
 
     /* Use the generic routine */
-    pkey = ossl_pkey_read_generic(in, pass);
+    pkey = ossl_pkey_read_generic(in, pass, "RSA");
     BIO_free(in);
     if (!pkey)
         ossl_raise(eRSAError, "Neither PUB key nor PRIV key");
-
-    type = EVP_PKEY_base_id(pkey);
-    if (type != EVP_PKEY_RSA) {
-        EVP_PKEY_free(pkey);
-        rb_raise(eRSAError, "incorrect pkey type: %s", OBJ_nid2sn(type));
-    }
     RTYPEDDATA_DATA(self) = pkey;
     return self;