mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix ASN.1 private encode of EC_KEY to not change the input key

Browse Source 
RT#4611

Reviewed-by: Stephen Henson <steve@openssl.org>
This commit is contained in:
Richard Levitte 2016-07-15 13:31:26 +02:00
parent d166ed8c11
commit b8a7bd83e6
1 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
crypto/ec/ec_ameth.c
View File

@ -16,6 +16,7 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include "internal/asn1_int.h" #include "internal/asn1_int.h"
#include "internal/evp_int.h" #include "internal/evp_int.h"
#include "ec_lcl.h"
#ifndef OPENSSL_NO_CMS #ifndef OPENSSL_NO_CMS
static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
@ -213,15 +214,13 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{ {
EC_KEY *ec_key; EC_KEY ec_key = *(pkey->pkey.ec);
unsigned char *ep, *p; unsigned char *ep, *p;
int eplen, ptype; int eplen, ptype;
void *pval; void *pval;
unsigned int tmp_flags, old_flags; unsigned int old_flags;
ec_key = pkey->pkey.ec; if (!eckey_param2type(&ptype, &pval, &ec_key)) {
if (!eckey_param2type(&ptype, &pval, ec_key)) {
ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
return 0; return 0;
} }
@ -232,30 +231,25 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
* do not include the parameters in the SEC1 private key see PKCS#11 * do not include the parameters in the SEC1 private key see PKCS#11
* 12.11 * 12.11
*/ */
old_flags = EC_KEY_get_enc_flags(ec_key); old_flags = EC_KEY_get_enc_flags(&ec_key);
tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
EC_KEY_set_enc_flags(ec_key, tmp_flags);
eplen = i2d_ECPrivateKey(ec_key, NULL); eplen = i2d_ECPrivateKey(&ec_key, NULL);
if (!eplen) { if (!eplen) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
return 0; return 0;
} }
ep = OPENSSL_malloc(eplen); ep = OPENSSL_malloc(eplen);
if (ep == NULL) { if (ep == NULL) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
p = ep; p = ep;
if (!i2d_ECPrivateKey(ec_key, &p)) { if (!i2d_ECPrivateKey(&ec_key, &p)) {
EC_KEY_set_enc_flags(ec_key, old_flags);
OPENSSL_free(ep); OPENSSL_free(ep);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
return 0; return 0;
} }
/* restore old encoding flags */
EC_KEY_set_enc_flags(ec_key, old_flags);
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
ptype, pval, ep, eplen)) ptype, pval, ep, eplen))