Fix intermittent sslapitest early data related failures

[openssl.git] / crypto / asn1 / d2i_pu.c

diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 3779a8208d8471e33d76ec8e91c6c58aa2d346e5..cf7825c439034fa2290f49c33ee4b44f137d5d75 100644 (file)
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -29,55 +29,70 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length)
 {
     EVP_PKEY *ret;
+    EVP_PKEY *copy = NULL;
 
     if ((a == NULL) || (*a == NULL)) {
         if ((ret = EVP_PKEY_new()) == NULL) {
-            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+            ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
             return NULL;
         }
-    } else
+    } else {
         ret = *a;
 
-    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
-        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+#ifndef OPENSSL_NO_EC
+        if (evp_pkey_is_provided(ret)
+            && EVP_PKEY_get_base_id(ret) == EVP_PKEY_EC) {
+            if (!evp_pkey_copy_downgraded(&copy, ret))
+                goto err;
+        }
+#endif
+    }
+
+    if ((type != EVP_PKEY_get_id(ret) || copy != NULL)
+        && !EVP_PKEY_set_type(ret, type)) {
+        ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
         goto err;
     }
 
-    switch (EVP_PKEY_id(ret)) {
-#ifndef OPENSSL_NO_RSA
+    switch (EVP_PKEY_get_base_id(ret)) {
     case EVP_PKEY_RSA:
         if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
-            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
             goto err;
         }
         break;
-#endif
 #ifndef OPENSSL_NO_DSA
     case EVP_PKEY_DSA:
-        /* TMP UGLY CAST */
         if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) {
-            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
             goto err;
         }
         break;
 #endif
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
+        if (copy != NULL) {
+            /* use downgraded parameters from copy */
+            ret->pkey.ec = copy->pkey.ec;
+            copy->pkey.ec = NULL;
+        }
         if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) {
-            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
             goto err;
         }
         break;
 #endif
     default:
-        ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
         goto err;
     }
     if (a != NULL)
         (*a) = ret;
+    EVP_PKEY_free(copy);
     return ret;
  err:
     if (a == NULL || *a != ret)
         EVP_PKEY_free(ret);
+    EVP_PKEY_free(copy);
     return NULL;
 }