crypto: fix public key encoding name in comment
PKCS#8 describes an encoding for private keys, not public keys. Using
the name as a format usually refers to the PrivateKeyInfo structure it
defines. (Or sometimes the EncryptedPrivateKeyInfo variant or the
little-used OneAsymmetricKey extension defined in RFC 5958.) None of
these structures can hold public keys to begin with.

d2i_PUBKEY actually parses the public key analogous format defined in
X.509, SubjectPublicKeyInfo. This function already uses "X.509" to refer
to an entire certificate, so say SubjectPublicKeyInfo in the comment.

(The abbreviation SPKI sometimes refers to SubjectPublicKeyInfo, e.g. in
RFC 7469, but it can also refer to an alternate S-expression-based PKI to X.509,
Simple Public Key Infrastructure. To avoid confusion, stick with the
expanded name.)

PR-URL: #25736
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
davidben authored and addaleax committed Feb 1, 2019
1 parent 18b344c commit da46be2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/node_crypto.cc
Expand Up @@ -2721,7 +2721,7 @@ static ParsePublicKeyResult ParsePublicKeyPEM(EVPKeyPointer* pkey,

ParsePublicKeyResult ret;

// Try PKCS#8 first.
// Try parsing as a SubjectPublicKeyInfo first.
ret = TryParsePublicKey(pkey, bp, "PUBLIC KEY",
[](const unsigned char** p, long l) { // NOLINT(runtime/int)
return d2i_PUBKEY(nullptr, p, l);
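Review bot: the rewritten comment above the TryParsePublicKey call for the "PUBLIC KEY" label names the structure but gives no pointer to where it is defined, so a reader still needs the commit message to learn that d2i_PUBKEY consumes the X.509 public key structure and not a PKCS#8 one. Consider citing the defining document inline, for example `// Try parsing as a SubjectPublicKeyInfo (RFC 5280) first.` The word "first" also implies later parse attempts that fall outside this hunk; it is worth checking that their comments name their encodings with the same precision.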