authorRichard Levitte <levitte@openssl.org>2020-03-24 16:31:43 +0100
committerRichard Levitte <levitte@openssl.org>2020-03-27 12:49:17 +0100
commit9e2c03582de42e8ac5aa23412affcb9645395e94 (patch)
tree09fb597bec213e80ca2590de07f01d78a0879ace /providers
parent4c106e20ef49b789e4dc53c97e0f9a701162be85 (diff)
PROV: Fix EC_KEY exporters to allow domain parameter keys
The provider key export functions for EC_KEY assumed that a public key is always present, and would fail if not. This blocks any attempt to export a key structure with only domain parameters. This is similar to earlier work done in EVP_PKEY_ASN1_METHODs. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11394)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c26
1 files changed, 12 insertions, 14 deletions
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 354ca0c..e2cc9ca 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -109,25 +109,23 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, int include_private
size_t pub_key_len = 0;
int ret = 0;
- if (eckey == NULL)
+ if (eckey == NULL
+ || (ecg = EC_KEY_get0_group(eckey)) == NULL)
return 0;
- ecg = EC_KEY_get0_group(eckey);
priv_key = EC_KEY_get0_private_key(eckey);
pub_point = EC_KEY_get0_public_key(eckey);
- /* group and public_key must be present, priv_key is optional */
- if (ecg == NULL || pub_point == NULL)
- return 0;
- if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
- POINT_CONVERSION_COMPRESSED,
- &pub_key, NULL)) == 0)
- return 0;
-
- if (!ossl_param_bld_push_octet_string(tmpl,
- OSSL_PKEY_PARAM_PUB_KEY,
- pub_key, pub_key_len))
- goto err;
+ if (pub_point != NULL) {
+ /* convert pub_point to a octet string according to the SECG standard */
+ if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
+ POINT_CONVERSION_COMPRESSED,
+ &pub_key, NULL)) == 0
+ || !ossl_param_bld_push_octet_string(tmpl,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ pub_key, pub_key_len))
+ goto err;
+ }
if (priv_key != NULL && include_private) {
size_t sz;
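Review bot: A failing `EC_POINT_point2buf()` now reaches `goto err` where the old code returned directly, so whatever cleanup `err` performs on `pub_key` (presumably a free) runs on a pointer that may never have been assigned; that is safe only if the declaration above the hunk reads `unsigned char *pub_key = NULL;`, which should be confirmed. The removed comment that stated which fields are mandatory has no replacement, so I would add `/* group must be present; public and private key are both optional */` above the `pub_point != NULL` test, because consumers of the exported parameters can no longer rely on `OSSL_PKEY_PARAM_PUB_KEY` being present and should check for it explicitly. The new comment should read `an octet string` rather than `a octet string`. key_to_params starts and ends outside the hunk, so the `err` label and the private-key branch were not reviewed here.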