summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2024-10-30 17:54:54 +0000
committertb <>2024-10-30 17:54:54 +0000
commit053aff6eb0d281ddc333965307239cf742b2eeb4 (patch)
treee964288924569de8dddaf33c151fffccf610decd
parent93e5d0e71fb8933f875cee0579c55866040e98a0 (diff)
downloadopenbsd-053aff6eb0d281ddc333965307239cf742b2eeb4.tar.gz
openbsd-053aff6eb0d281ddc333965307239cf742b2eeb4.tar.bz2
openbsd-053aff6eb0d281ddc333965307239cf742b2eeb4.zip
Add ec_point_from_asn1_bit_string()
This is inverse to ec_point_to_asn1_bit_string(). Use it to simplify the ec_key_set_public_key() helper. ok jsing
Diffstat
-rw-r--r--src/lib/libcrypto/ec/ec_asn1.c36
1 files changed, 20 insertions, 16 deletions
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index ec322a8559..7cc9a75c55 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_asn1.c,v 1.100 2024/10/30 17:53:28 tb Exp $ */ 1/* $OpenBSD: ec_asn1.c,v 1.101 2024/10/30 17:54:54 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -569,6 +569,22 @@ ec_point_from_asn1_string(const EC_GROUP *group, const ASN1_STRING *astr,
569} 569}
570 570
571static int 571static int
572ec_point_from_asn1_bit_string(const EC_GROUP *group, const ASN1_BIT_STRING *abs,
573 EC_POINT **out_point, uint8_t *out_form)
574{
575 /*
576 * Per SEC 1, C.3, the bit string representing the public key comes from
577 * an octet string, therefore the unused bits octet must be 0x00.
578 * XXX - move this check to a helper in a_bitstr.c?
579 */
580 if ((abs->flags & ASN1_STRING_FLAG_BITS_LEFT) != 0 &&
581 (abs->flags & 0x07) != 0)
582 return 0;
583
584 return ec_point_from_asn1_string(group, abs, out_point, out_form);
585}
586
587static int
572ec_point_from_asn1_octet_string(const EC_GROUP *group, const ASN1_OCTET_STRING *aos, 588ec_point_from_asn1_octet_string(const EC_GROUP *group, const ASN1_OCTET_STRING *aos,
573 EC_POINT **out_point, uint8_t *out_form) 589 EC_POINT **out_point, uint8_t *out_form)
574{ 590{
@@ -1207,8 +1223,8 @@ ec_key_set_private_key(EC_KEY *ec_key, const ASN1_OCTET_STRING *aos)
1207static int 1223static int
1208ec_key_set_public_key(EC_KEY *ec_key, const ASN1_BIT_STRING *abs) 1224ec_key_set_public_key(EC_KEY *ec_key, const ASN1_BIT_STRING *abs)
1209{ 1225{
1210 const EC_GROUP *group = ec_key->group;
1211 EC_POINT *pub_key = NULL; 1226 EC_POINT *pub_key = NULL;
1227 uint8_t form;
1212 int ret = 0; 1228 int ret = 0;
1213 1229
1214 if (abs == NULL) { 1230 if (abs == NULL) {
@@ -1216,24 +1232,12 @@ ec_key_set_public_key(EC_KEY *ec_key, const ASN1_BIT_STRING *abs)
1216 return eckey_compute_pubkey(ec_key); 1232 return eckey_compute_pubkey(ec_key);
1217 } 1233 }
1218 1234
1219 /*
1220 * Per SEC 1, C.3, the bit string representing the public key comes from
1221 * an octet string, therefore the unused bits octet must be 0x00.
1222 * XXX - move this check to a helper in a_bitstr.c?
1223 */
1224 if ((abs->flags & ASN1_STRING_FLAG_BITS_LEFT) != 0 &&
1225 (abs->flags & 0x07) != 0)
1226 goto err;
1227
1228 /* XXX - SEC 1, 2.3.4 does not allow hybrid encoding. */ 1235 /* XXX - SEC 1, 2.3.4 does not allow hybrid encoding. */
1229 if ((pub_key = EC_POINT_new(group)) == NULL) 1236 if (!ec_point_from_asn1_bit_string(ec_key->group, abs, &pub_key, &form))
1230 goto err;
1231 if (!EC_POINT_oct2point(group, pub_key, abs->data, abs->length, NULL))
1232 goto err; 1237 goto err;
1233 if (!EC_KEY_set_public_key(ec_key, pub_key)) 1238 if (!EC_KEY_set_public_key(ec_key, pub_key))
1234 goto err; 1239 goto err;
1235 /* oct2point has ensured that to be compressed, uncompressed, or hybrid. */ 1240 EC_KEY_set_conv_form(ec_key, form);
1236 ec_key->conv_form = abs->data[0] & ~1U;
1237 1241
1238 ret = 1; 1242 ret = 1;
1239 1243
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 06:39:20 +0000