awslabs / tough

Rust libraries and tools for using and generating TUF repositories

tough: fix ecdsa key reading #737

Closed Xynnn007 closed 5 months ago

Xynnn007 commented 6 months ago

In the ecdsa public key, there are two OIDs to specify the key type and the curve. In the decode logic OID_EC_PUBLIC_KEY and OID_EC_PARAM_SECP256R1 are specified.

However, in ring::io::der every read would only read one OID. The current code does not read the second OID and uses the first OID to compare against the given OID_EC_PARAM_SECP256R1 one. Thus all legal PEM ECDSA keys would be deserialized unsuccessfully.
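The decode problem described in the comment above, as an added example that is not code from this PR, from tough or from ring: a std-only Rust DER reader with a one-read decoder modelled on the description next to a two-read decoder. The function names and the sample key bytes are assumptions; the OID values are the standard encodings of id-ecPublicKey and secp256r1.

```rust
// Added example; function names are hypothetical, not tough's or ring's API.
// DER content bytes of the two OIDs in an EC AlgorithmIdentifier.
const OID_EC_PUBLIC_KEY: &[u8] = &[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]; // 1.2.840.10045.2.1
const OID_EC_PARAM_SECP256R1: &[u8] = &[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]; // 1.2.840.10045.3.1.7
/// Read one TLV with the expected tag (short-form length only): (value, rest).
fn read_tlv(input: &[u8], tag: u8) -> Option<(&[u8], &[u8])> {
    let (&t, rest) = input.split_first()?;
    let (&len, rest) = rest.split_first()?;
    if t != tag || len >= 0x80 || rest.len() < len as usize { return None; }
    Some(rest.split_at(len as usize))
}
/// BIT STRING: unused-bit count 0, then uncompressed point 0x04 || X || Y.
fn point(rest: &[u8]) -> Option<Vec<u8>> {
    let (bits, end) = read_tlv(rest, 0x03)?;
    match bits {
        [0, 0x04, xy @ ..] if xy.len() == 64 && end.is_empty() => Some(bits[1..].to_vec()),
        _ => None,
    }
}
/// Shape of the bug as described: one OID read, compared against both constants.
fn decode_one_oid_read(spki: &[u8]) -> Option<Vec<u8>> {
    let (body, _) = read_tlv(spki, 0x30)?;
    let (alg, rest) = read_tlv(body, 0x30)?;
    let (oid, _) = read_tlv(alg, 0x06)?;
    // One value cannot equal two different constants, so every key is rejected.
    if oid != OID_EC_PUBLIC_KEY || oid != OID_EC_PARAM_SECP256R1 { return None; }
    point(rest)
}
/// Corrected shape: each OID gets its own read; trailing bytes are rejected.
fn decode_two_oid_reads(spki: &[u8]) -> Option<Vec<u8>> {
    let (body, trailing) = read_tlv(spki, 0x30)?;
    let (alg, rest) = read_tlv(body, 0x30)?;
    let (key_type, alg_rest) = read_tlv(alg, 0x06)?;
    let (curve, alg_end) = read_tlv(alg_rest, 0x06)?;
    let oids_ok = key_type == OID_EC_PUBLIC_KEY && curve == OID_EC_PARAM_SECP256R1;
    if !oids_ok || !trailing.is_empty() || !alg_end.is_empty() { return None; }
    point(rest)
}
/// Constructed sample SPKI; the 64 point bytes are filler, not a real key.
fn sample_spki() -> Vec<u8> {
    let parts: [&[u8]; 6] = [&[0x30, 0x59, 0x30, 0x13, 0x06, 0x07], OID_EC_PUBLIC_KEY,
        &[0x06, 0x08], OID_EC_PARAM_SECP256R1, &[0x03, 0x42, 0x00, 0x04], &[0xAB; 64]];
    parts.concat()
}
fn main() {
    let der = sample_spki();
    println!("one read:  {:?}", decode_one_oid_read(&der).map(|p| p.len()));
    println!("two reads: {:?}", decode_two_oid_reads(&der).map(|p| p.len()));
}
```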

cbgbt commented 6 months ago

Thanks for the PR! I'll have a look, though I have some learning to do to give a useful review.

Xynnn007 commented 5 months ago

Hi @cbgbt @bcressey Thanks for reviewing/merging this. When will the next crate release be published including this patch?

Xynnn007 commented 3 months ago

Kindly ping again @cbgbt @bcressey . When will the next crate release be published including this patch?

webern commented 3 months ago

> Kindly ping again @cbgbt @bcressey . When will the next crate release be published including this patch?

This is released, sorry for the delay. Unfortunately #755 isn't in this release so we will need to do another release as soon as we can.