PackageCollectionsSigning: correct BoringSSLCertificate.keyType(of:) (#3679)

compnerd · web-flow · commit 1edc34b9b77c · 2021-08-19T11:27:38.000-07:00
This function takes a named argument which is the `EVP_PKEY` and checks
the underlying public key type (expected to be one of RSA or EC).
However, instead of checking the key type of the given public key, it
was always returning the key type of the underlying certificate.  This
happened to give the correct result as the current usage always used the
same object to get the key.  This corrects that and uses the proper
accessors for the value.
diff --git a/Sources/PackageCollectionsSigning/Certificate/Certificate.swift b/Sources/PackageCollectionsSigning/Certificate/Certificate.swift
@@ -181,7 +181,7 @@ final class BoringSSLCertificate {
     }
 
     private func keyType(of key: UnsafeMutablePointer<EVP_PKEY>) throws -> KeyType {
-        let algorithm = CCryptoBoringSSL_OBJ_obj2nid(self.underlying.pointee.cert_info.pointee.key.pointee.algor.pointee.algorithm)
+        let algorithm = CCryptoBoringSSL_EVP_PKEY_id(key)
 
         switch algorithm {
         case NID_rsaEncryption:

Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ final class BoringSSLCertificate {`
`181`	`181`	`}`
`182`	`182`
`183`	`183`	`private func keyType(of key: UnsafeMutablePointer<EVP_PKEY>) throws -> KeyType {`
`184`		`- let algorithm = CCryptoBoringSSL_OBJ_obj2nid(self.underlying.pointee.cert_info.pointee.key.pointee.algor.pointee.algorithm)`
	`184`	`+ let algorithm = CCryptoBoringSSL_EVP_PKEY_id(key)`
`185`	`185`
`186`	`186`	`switch algorithm {`
`187`	`187`	`case NID_rsaEncryption:`