author | Matt Caswell <matt@openssl.org> | 2021-06-04 15:16:42 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-06-08 19:53:39 +0200 |
commit | 1df8322ce0b54d171dea1a364a3c78a8a4980f65 (patch) | |
tree | d79e8aea4977f1eaab0e160eaf07f6cac2c2eef2 /crypto | |
parent | Use the fips-and-base.cnf config file in CMP tests (diff) | |
Simplify error reporting in X509_PUBKEY_get0()
The X509_PUBKEY_get0() was attempting to recreate any errors that might
have occurred from the earlier decode process when obtaining the EVP_PKEY.
This is brittle at best and the approach would only work with legacy keys.
We remove this and just report an error directly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x_pubkey.c | 28 |
1 files changed, 8 insertions, 20 deletions
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 20216bd922..3f447c4c12 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -414,30 +414,18 @@ static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key)
 EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key)
 {
- EVP_PKEY *ret = NULL;
-
- if (key == NULL || key->public_key == NULL)
+ if (key == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
 return NULL;
+ }
- if (key->pkey != NULL)
- return key->pkey;
-
- /*
- * When the key ASN.1 is initially parsed an attempt is made to
- * decode the public key and cache the EVP_PKEY structure. If this
- * operation fails the cached value will be NULL. Parsing continues
- * to allow parsing of unknown key types or unsupported forms.
- * We repeat the decode operation so the appropriate errors are left
- * in the queue.
- */
- x509_pubkey_decode(&ret, key);
- /* If decode doesn't fail something bad happened */
- if (ret != NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
- EVP_PKEY_free(ret);
+ if (key->pkey == NULL) {
+ /* We failed to decode the key when we loaded it, or it was never set */
+ ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR);
+ return NULL;
 }
- return NULL;
+ return key->pkey;
 }
 EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key) |
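Review bot: The `key->pkey == NULL` branch raises `EVP_R_DECODE_ERROR` both for a key that failed to decode at load time and for an X509_PUBKEY that never had a key set, so a caller can no longer tell a malformed or unsupported key encoding from an empty structure. The removed code returned NULL silently for `key == NULL` and `key->public_key == NULL`, whereas every NULL return now leaves an entry on the error queue. Callers that treat a missing key as benign are outside this hunk, so this is an assumption to check, but they would need `ERR_set_mark()`/`ERR_pop_to_mark()` around the call to keep a stale entry from being attributed to a later, unrelated operation. I would state the contract in a comment above the function, for example `/* Returns a pointer owned by |key| (do not free); a NULL return always leaves an error on the queue */`. It is also worth testing `key->public_key == NULL` separately so the never-set case does not report a decode error.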