From 2f2f748fde73822038414204b26d3d5f3b07d5ba Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 31 Oct 2024 15:26:05 +0000
Subject: Clean up the mess in i2d_EC_PRIVATEKEY()

Use a few local variables to make the checks at the start slightly less
unappealing. Use those to simplify the conditionals a bit and avoid a
particularly silly exit code. ok is set unless ret is 0, so what do you
think 'return (ok ? ret : 0);' returns? By the way, ret < 0 is an error
as well.

While most of the stuff in this file could use a lot more cleanup, I think
the first layer of cockroaches has been exterminated and there's even some
faint golden glimmer between the turds.

Let's shelve the biohazard warnings for now.

ok jsing
---
 src/lib/libcrypto/ec/ec_asn1.c | 52 +++++++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 16 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c
index 50e089a063..8c99773512 100644
--- a/src/lib/libcrypto/ec/ec_asn1.c
+++ b/src/lib/libcrypto/ec/ec_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_asn1.c,v 1.103 2024/10/31 15:07:49 tb Exp $ */
+/* $OpenBSD: ec_asn1.c,v 1.104 2024/10/31 15:26:05 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -1293,46 +1293,66 @@ LCRYPTO_ALIAS(d2i_ECPrivateKey);
 int
 i2d_ECPrivateKey(EC_KEY *ec_key, unsigned char **out)
 {
-	int ret = 0, ok = 0;
 	EC_PRIVATEKEY *ec_privatekey = NULL;
+	const EC_GROUP *group;
+	const BIGNUM *private_key;
+	const EC_POINT *public_key = NULL;
+	int ret = 0;
 
-	if (ec_key == NULL || ec_key->group == NULL || ec_key->priv_key == NULL ||
-	    (!(ec_key->enc_flag & EC_PKEY_NO_PUBKEY) && ec_key->pub_key == NULL)) {
+	if (ec_key == NULL) {
 		ECerror(ERR_R_PASSED_NULL_PARAMETER);
 		goto err;
 	}
+	if ((group = EC_KEY_get0_group(ec_key)) == NULL) {
+		ECerror(EC_R_MISSING_PARAMETERS);
+		goto err;
+	}
+	if ((private_key = EC_KEY_get0_private_key(ec_key)) == NULL) {
+		ECerror(EC_R_KEYS_NOT_SET);
+		goto err;
+	}
+	if ((ec_key->enc_flag & EC_PKEY_NO_PUBKEY) == 0) {
+		if ((public_key = EC_KEY_get0_public_key(ec_key)) == NULL) {
+			ECerror(EC_R_KEYS_NOT_SET);
+			goto err;
+		}
+	}
+
 	if ((ec_privatekey = EC_PRIVATEKEY_new()) == NULL) {
 		ECerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 	ec_privatekey->version = ec_key->version;
 
-	if (!ec_asn1_encode_private_key(ec_key->group, ec_key->priv_key,
-	    ec_privatekey->privateKey))
+	if (!ec_asn1_encode_private_key(group, private_key, ec_privatekey->privateKey))
 		goto err;
-	if (!(ec_key->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+	if ((ec_key->enc_flag & EC_PKEY_NO_PARAMETERS) == 0) {
 		ECPKPARAMETERS *parameters;
 
-		if ((parameters = ec_asn1_group2pkparameters(ec_key->group)) == NULL) {
+		if ((parameters = ec_asn1_group2pkparameters(group)) == NULL) {
 			ECerror(ERR_R_EC_LIB);
 			goto err;
 		}
 		ec_privatekey->parameters = parameters;
 	}
-	if (!(ec_key->enc_flag & EC_PKEY_NO_PUBKEY) && ec_key->pub_key != NULL) {
-		if (!ec_point_to_asn1_bit_string(ec_key->group, ec_key->pub_key,
-		    ec_key->conv_form, &ec_privatekey->publicKey))
+	if (public_key != NULL) {
+		uint8_t form;
+
+		form = EC_KEY_get_conv_form(ec_key);
+		if (!ec_point_to_asn1_bit_string(group, public_key, form,
+		    &ec_privatekey->publicKey))
 			goto err;
 	}
-	if ((ret = i2d_EC_PRIVATEKEY(ec_privatekey, out)) == 0) {
+
+	if ((ret = i2d_EC_PRIVATEKEY(ec_privatekey, out)) <= 0) {
 		ECerror(ERR_R_EC_LIB);
 		goto err;
 	}
-	ok = 1;
+
  err:
-	if (ec_privatekey)
-		EC_PRIVATEKEY_free(ec_privatekey);
-	return (ok ? ret : 0);
+	EC_PRIVATEKEY_free(ec_privatekey);
+
+	return ret;
 }
 LCRYPTO_ALIAS(i2d_ECPrivateKey);
 
-- 
cgit v1.2.3-55-g6feb