backport of commit f150a5259335117632d094bdf33ead0209172654 (#22756)

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-09-05 11:00:07 -04:00 committed by GitHub
parent f03bd6163d
commit d2eb98e2cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 1 deletions

3
changelog/22753.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
secrets/transit: fix panic when providing non-PEM formatted public key for import
```

View File

@ -1531,9 +1531,13 @@ func (p *Policy) ImportPublicOrPrivate(ctx context.Context, storage logical.Stor
} }
} else { } else {
pemBlock, _ := pem.Decode(key) pemBlock, _ := pem.Decode(key)
if pemBlock == nil {
return fmt.Errorf("error parsing public key: not in PEM format")
}
parsedKey, err = x509.ParsePKIXPublicKey(pemBlock.Bytes) parsedKey, err = x509.ParsePKIXPublicKey(pemBlock.Bytes)
if err != nil { if err != nil {
return fmt.Errorf("error parsing public key: %s", err) return fmt.Errorf("error parsing public key: %w", err)
} }
} }
@ -2173,6 +2177,9 @@ func (p *Policy) ImportPrivateKeyForVersion(ctx context.Context, storage logical
case *ecdsa.PrivateKey: case *ecdsa.PrivateKey:
ecdsaKey := parsedPrivateKey.(*ecdsa.PrivateKey) ecdsaKey := parsedPrivateKey.(*ecdsa.PrivateKey)
pemBlock, _ := pem.Decode([]byte(keyEntry.FormattedPublicKey)) pemBlock, _ := pem.Decode([]byte(keyEntry.FormattedPublicKey))
if pemBlock == nil {
return fmt.Errorf("failed to parse key entry public key: invalid PEM blob")
}
publicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes) publicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)
if err != nil || publicKey == nil { if err != nil || publicKey == nil {
return fmt.Errorf("failed to parse key entry public key: %v", err) return fmt.Errorf("failed to parse key entry public key: %v", err)