diff options
| author | tb <> | 2024-10-28 17:58:18 +0000 |
|---|---|---|
| committer | tb <> | 2024-10-28 17:58:18 +0000 |
| commit | 0bd57c6657dcc22878debfe15918c1d2a351a425 (patch) | |
| tree | 33191fc6eb349b18050329da7a2600a843958277 /src | |
| parent | 14337ede20ff409ce7a9e79f939bd3f1d8909e01 (diff) | |
| download | openbsd-0bd57c6657dcc22878debfe15918c1d2a351a425.tar.gz openbsd-0bd57c6657dcc22878debfe15918c1d2a351a425.tar.bz2 openbsd-0bd57c6657dcc22878debfe15918c1d2a351a425.zip | |
d2i_ECPrivateKey: split parameter setting into a helper
In order to decode a private key, the group must be known in some way.
Typically, the group is encoded in the EC domain parameters, preferably
as a named curve (this is mandatory in PKIX per RFC 5480).
However, the group could be absent because the domain parameters are
OPTIONAL in the ECPrivateKey SEQUENCE. In that case the code falls
back to the group that may already be set on the EC_KEY. Now there is
no way to tell whether that group is the right one...
In any case. Split this thing out of the body of d2i_ECPrivateKey()
to make that function a bit less of an eyesore.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/ec/ec_asn1.c | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c index 842089f813..1ba1e36435 100644 --- a/src/lib/libcrypto/ec/ec_asn1.c +++ b/src/lib/libcrypto/ec/ec_asn1.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ec_asn1.c,v 1.89 2024/10/28 17:40:46 tb Exp $ */ | 1 | /* $OpenBSD: ec_asn1.c,v 1.90 2024/10/28 17:58:18 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Nils Larsch for the OpenSSL project. | 3 | * Written by Nils Larsch for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -1089,6 +1089,30 @@ i2d_ECPKParameters(const EC_GROUP *group, unsigned char **out_der) | |||
| 1089 | } | 1089 | } |
| 1090 | LCRYPTO_ALIAS(i2d_ECPKParameters); | 1090 | LCRYPTO_ALIAS(i2d_ECPKParameters); |
| 1091 | 1091 | ||
| 1092 | static int | ||
| 1093 | ec_key_set_group_from_parameters(EC_KEY *ec_key, const ECPKPARAMETERS *params) | ||
| 1094 | { | ||
| 1095 | EC_GROUP *group = NULL; | ||
| 1096 | int ret = 0; | ||
| 1097 | |||
| 1098 | /* Use group in parameters, if any. Fall back to existing group. */ | ||
| 1099 | if (params != NULL) { | ||
| 1100 | if ((group = ec_asn1_pkparameters2group(params)) == NULL) | ||
| 1101 | goto err; | ||
| 1102 | if (!EC_KEY_set_group(ec_key, group)) | ||
| 1103 | goto err; | ||
| 1104 | } | ||
| 1105 | if (ec_key->group == NULL) | ||
| 1106 | goto err; | ||
| 1107 | |||
| 1108 | ret = 1; | ||
| 1109 | |||
| 1110 | err: | ||
| 1111 | EC_GROUP_free(group); | ||
| 1112 | |||
| 1113 | return ret; | ||
| 1114 | } | ||
| 1115 | |||
| 1092 | EC_KEY * | 1116 | EC_KEY * |
| 1093 | d2i_ECPrivateKey(EC_KEY **out_ec_key, const unsigned char **in, long len) | 1117 | d2i_ECPrivateKey(EC_KEY **out_ec_key, const unsigned char **in, long len) |
| 1094 | { | 1118 | { |
| @@ -1106,14 +1130,8 @@ d2i_ECPrivateKey(EC_KEY **out_ec_key, const unsigned char **in, long len) | |||
| 1106 | } | 1130 | } |
| 1107 | 1131 | ||
| 1108 | ec_key->version = ec_privatekey->version; | 1132 | ec_key->version = ec_privatekey->version; |
| 1109 | if (ec_privatekey->parameters) { | 1133 | if (!ec_key_set_group_from_parameters(ec_key, ec_privatekey->parameters)) |
| 1110 | EC_GROUP_free(ec_key->group); | ||
| 1111 | ec_key->group = ec_asn1_pkparameters2group(ec_privatekey->parameters); | ||
| 1112 | } | ||
| 1113 | if (ec_key->group == NULL) { | ||
| 1114 | ECerror(ERR_R_EC_LIB); | ||
| 1115 | goto err; | 1134 | goto err; |
| 1116 | } | ||
| 1117 | 1135 | ||
| 1118 | if (ec_privatekey->privateKey) { | 1136 | if (ec_privatekey->privateKey) { |
| 1119 | ec_key->priv_key = BN_bin2bn( | 1137 | ec_key->priv_key = BN_bin2bn( |