Closed Xynnn007 closed 5 months ago
Thanks for the PR! I'll have a look, though I have some learning to do to give a useful review.
Hi @cbgbt @bcressey Thanks for reviewing/merging this. When will the next crate release be published including this patch?
Kindly ping again @cbgbt @bcressey . When will the next crate release be published including this patch?
Kindly ping again @cbgbt @bcressey . When will the next crate release be published including this patch?
This is released, sorry for the delay. Unfortunately #755 isn't in this release so we will need to do another release as soon as we can.
In the ecdsa public key, there are two OIDs to specify the key type and the curve. In the decode logic OID_EC_PUBLIC_KEY and OID_EC_PARAM_SECP256R1 are specified.
However, in
ring::io::der
every read would only read one OID. Current code does not read the second OID and use the first OID to compared the given OID_EC_PARAM_SECP256R1 one. Thus all legal pem ecdsa keys would be deserialized unsuccessfully.