diff options
author | Bodo Möller <bodo@openssl.org> | 2006-12-19 15:11:37 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2006-12-19 15:11:37 +0000 |
commit | 772e3c07b4b09f2e59d35da3ce67410b625a39d4 (patch) | |
tree | a8d44c584b48f84b9a618d1097bab7b619a096a1 | |
parent | 360ff3cf58df504e4fdef7cfa5505f55103cd51a (diff) | |
download | openssl-772e3c07b4b09f2e59d35da3ce67410b625a39d4.zip openssl-772e3c07b4b09f2e59d35da3ce67410b625a39d4.tar.gz openssl-772e3c07b4b09f2e59d35da3ce67410b625a39d4.tar.bz2 |
Fix the BIT STRING encoding of EC points or parameter seeds
(need to prevent the removal of trailing zero bits).
-rw-r--r-- | CHANGES | 8 | ||||
-rw-r--r-- | crypto/ec/ec_asn1.c | 4 |
2 files changed, 12 insertions, 0 deletions
@@ -418,6 +418,14 @@ Changes between 0.9.8d and 0.9.8e [XX xxx XXXX] + *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c + (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters): + When a point or a seed is encoded in a BIT STRING, we need to + prevent the removal of trailing zero bits to get the proper DER + encoding. (By default, crypto/asn1/a_bitstr.c assumes the case + of a NamedBitList, for which trailing 0 bits need to be removed.) + [Bodo Moeller] + *) Have SSL/TLS server implementation tolerate "mismatched" record protocol version while receiving ClientHello even if the ClientHello is fragmented. (The server can't insist on the diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 66ef129..ae55539 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -529,6 +529,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); goto err; } + curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; if (!ASN1_BIT_STRING_set(curve->seed, group->seed, (int)group->seed_len)) { @@ -1291,6 +1293,8 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) goto err; } + priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) { |