backport of commit f150a5259335117632d094bdf33ead0209172654 (#22756)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
parent
f03bd6163d
commit
d2eb98e2cf
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
secrets/transit: fix panic when providing non-PEM formatted public key for import
|
||||||
|
```
|
|
@ -1531,9 +1531,13 @@ func (p *Policy) ImportPublicOrPrivate(ctx context.Context, storage logical.Stor
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
pemBlock, _ := pem.Decode(key)
|
pemBlock, _ := pem.Decode(key)
|
||||||
|
if pemBlock == nil {
|
||||||
|
return fmt.Errorf("error parsing public key: not in PEM format")
|
||||||
|
}
|
||||||
|
|
||||||
parsedKey, err = x509.ParsePKIXPublicKey(pemBlock.Bytes)
|
parsedKey, err = x509.ParsePKIXPublicKey(pemBlock.Bytes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error parsing public key: %s", err)
|
return fmt.Errorf("error parsing public key: %w", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2173,6 +2177,9 @@ func (p *Policy) ImportPrivateKeyForVersion(ctx context.Context, storage logical
|
||||||
case *ecdsa.PrivateKey:
|
case *ecdsa.PrivateKey:
|
||||||
ecdsaKey := parsedPrivateKey.(*ecdsa.PrivateKey)
|
ecdsaKey := parsedPrivateKey.(*ecdsa.PrivateKey)
|
||||||
pemBlock, _ := pem.Decode([]byte(keyEntry.FormattedPublicKey))
|
pemBlock, _ := pem.Decode([]byte(keyEntry.FormattedPublicKey))
|
||||||
|
if pemBlock == nil {
|
||||||
|
return fmt.Errorf("failed to parse key entry public key: invalid PEM blob")
|
||||||
|
}
|
||||||
publicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)
|
publicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)
|
||||||
if err != nil || publicKey == nil {
|
if err != nil || publicKey == nil {
|
||||||
return fmt.Errorf("failed to parse key entry public key: %v", err)
|
return fmt.Errorf("failed to parse key entry public key: %v", err)
|
||||||
|
|
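Review bot: The new `pemBlock == nil` guard in ImportPublicOrPrivate closes the nil dereference, but the second return value of `pem.Decode(key)` is still discarded, so any bytes after the first PEM block of an imported key are silently ignored and the block's `Type` is never inspected. For a key-import path it would be stricter to reject such input, e.g. `pemBlock, rest := pem.Decode(key)` followed by `if pemBlock == nil || len(bytes.TrimSpace(rest)) > 0 {`; whether existing callers rely on the lenient behaviour cannot be told from this page. In the second hunk (ImportPrivateKeyForVersion) the unchanged `return fmt.Errorf("failed to parse key entry public key: %v", err)` still formats with `%v` and prints `<nil>` when only `publicKey == nil` holds, while the first hunk moved to `%w`; aligning the two would keep the error chain inspectable with `errors.Is`/`errors.As`. Both function bodies start and end outside the hunks shown, and no regression test feeding non-PEM input to the import path appears on this page.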