Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v16] fix: tolerate mismatched key PEM headers #46727

Merged
merged 1 commit into from
Sep 18, 2024
Merged

[v16] fix: tolerate mismatched key PEM headers #46727

merged 1 commit into from
Sep 18, 2024

Conversation

nklaassen
Copy link
Contributor

Backport #46725 to branch/v16

Issue #43381 introduced a regression where we now fail to parse PKCS8 encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a "PRIVATE KEY" PEM block. However, certain versions of OpenSSL and possibly even Teleport in specific cases have generated private keys in this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is used.

changelog: fixed regression in private key parser to handle mismatched PEM headers

@nklaassen
[v16] fix: tolerate mismatched key PEM headers
0f5a531 
Backport #46725 to branch/v16

Issue #43381 introduced a regression where we now fail to parse PKCS8
encoded RSA private keys within an "RSA PRIVATE KEY" PEM block in
some cases.
This format is somewhat non-standard, usually PKCS8 data should be in a
"PRIVATE KEY" PEM block. However, certain versions of OpenSSL and
possibly even Teleport in specific cases have generated private keys in
this format.

This commit updates ParsePrivateKey and ParsePublicKey to be more
tolerant of PKCS8, PKCS1, or PKIX key data no matter which PEM header is
used.

changelog: fixed regression in private key parser to handle mismatched PEM headers
@nklaassen nklaassen added this pull request to the merge queue Sep 18, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 18, 2024
@nklaassen nklaassen added this pull request to the merge queue Sep 18, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Sep 18, 2024
@nklaassen nklaassen added this pull request to the merge queue Sep 18, 2024
Merged via the queue into branch/v16 with commit 626c618 Sep 18, 2024
42 checks passed
@nklaassen nklaassen deleted the nklaassen/v16/fix-key-parse-regression branch September 18, 2024 20:10
@BrewTestBot BrewTestBot mentioned this pull request Sep 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avatus avatus avatus approved these changes

@espadolini espadolini espadolini approved these changes

Assignees
No one assigned
Labels
backport size/md
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nklaassen @espadolini @avatus