projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey
[openssl.git]
/
crypto
/
ec
/
ec_asn1.c
diff --git
a/crypto/ec/ec_asn1.c
b/crypto/ec/ec_asn1.c
index ae555398594b8e6c02bd554015853000efeff744..52d31c2f9642d0eeaf7d47edf8784396c2a4e29f 100644
(file)
--- a/
crypto/ec/ec_asn1.c
+++ b/
crypto/ec/ec_asn1.c
@@
-83,13
+83,14
@@
int EC_GROUP_get_basis_type(const EC_GROUP *group)
/* everything else is currently not supported */
return 0;
}
/* everything else is currently not supported */
return 0;
}
-
+#ifndef OPENSSL_NO_EC2M
int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
{
if (group == NULL)
return 0;
int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
{
if (group == NULL)
return 0;
- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+ NID_X9_62_characteristic_two_field
|| !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
{
ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|| !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
{
ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@
-101,14
+102,14
@@
int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
return 1;
}
return 1;
}
-
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
unsigned int *k2, unsigned int *k3)
{
if (group == NULL)
return 0;
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
unsigned int *k2, unsigned int *k3)
{
if (group == NULL)
return 0;
- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+ NID_X9_62_characteristic_two_field
|| !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
{
ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|| !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
{
ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@
-124,7
+125,7
@@
int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
return 1;
}
return 1;
}
-
+#endif
/* some structures needed for the asn1 encoding */
/* some structures needed for the asn1 encoding */
@@
-340,6
+341,12
@@
static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
}
}
else /* nid == NID_X9_62_characteristic_two_field */
}
}
else /* nid == NID_X9_62_characteristic_two_field */
+#ifdef OPENSSL_NO_EC2M
+ {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
+ goto err;
+ }
+#else
{
int field_type;
X9_62_CHARACTERISTIC_TWO *char_two;
{
int field_type;
X9_62_CHARACTERISTIC_TWO *char_two;
@@
-419,6
+426,7
@@
static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
}
}
}
}
}
}
+#endif
ok = 1;
ok = 1;
@@
-456,6
+464,7
@@
static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
goto err;
}
}
goto err;
}
}
+#ifndef OPENSSL_NO_EC2M
else /* nid == NID_X9_62_characteristic_two_field */
{
if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
else /* nid == NID_X9_62_characteristic_two_field */
{
if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
@@
-464,7
+473,7
@@
static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
goto err;
}
}
goto err;
}
}
-
+#endif
len_1 = (size_t)BN_num_bytes(tmp_1);
len_2 = (size_t)BN_num_bytes(tmp_2);
len_1 = (size_t)BN_num_bytes(tmp_1);
len_2 = (size_t)BN_num_bytes(tmp_2);
@@
-775,8
+784,13
@@
static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
/* get the field parameters */
tmp = OBJ_obj2nid(params->fieldID->fieldType);
/* get the field parameters */
tmp = OBJ_obj2nid(params->fieldID->fieldType);
-
if (tmp == NID_X9_62_characteristic_two_field)
if (tmp == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+ {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
+ goto err;
+ }
+#else
{
X9_62_CHARACTERISTIC_TWO *char_two;
{
X9_62_CHARACTERISTIC_TWO *char_two;
@@
-862,6
+876,7
@@
static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
/* create the EC_GROUP structure */
ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
}
/* create the EC_GROUP structure */
ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
}
+#endif
else if (tmp == NID_X9_62_prime_field)
{
/* we have a curve over a prime field */
else if (tmp == NID_X9_62_prime_field)
{
/* we have a curve over a prime field */
@@
-1065,6
+1080,7
@@
EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
if ((group = ec_asn1_pkparameters2group(params)) == NULL)
{
ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
if ((group = ec_asn1_pkparameters2group(params)) == NULL)
{
ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+ ECPKPARAMETERS_free(params);
return NULL;
}
return NULL;
}
@@
-1167,29
+1183,46
@@
EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
goto err;
}
goto err;
}
+ if (ret->pub_key)
+ EC_POINT_clear_free(ret->pub_key);
+ ret->pub_key = EC_POINT_new(ret->group);
+ if (ret->pub_key == NULL)
+ {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+
if (priv_key->publicKey)
{
const unsigned char *pub_oct;
if (priv_key->publicKey)
{
const unsigned char *pub_oct;
-
size_
t pub_oct_len;
+
in
t pub_oct_len;
- if (ret->pub_key)
-
EC_POINT_clear_free(ret->pub_k
ey);
- ret->pub_key = EC_POINT_new(ret->group);
-
if (ret->pub_key == NULL
)
+ pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
+
pub_oct_len = M_ASN1_STRING_length(priv_key->publicK
ey);
+ /* The first byte - point conversion form - must be present. */
+
if (pub_oct_len <= 0
)
{
{
- ECerr(EC_F_D2I_ECPRIVATEKEY, E
RR_R_EC_LIB
);
+ ECerr(EC_F_D2I_ECPRIVATEKEY, E
C_R_BUFFER_TOO_SMALL
);
goto err;
}
goto err;
}
- pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
- pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
- /* save the point conversion form */
+ /* Save the point conversion form. */
ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
if (!EC_POINT_oct2point(ret->group, ret->pub_key,
ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
if (!EC_POINT_oct2point(ret->group, ret->pub_key,
- pub_oct, pub_oct_len, NULL))
+ pub_oct, (size_t)(pub_oct_len), NULL))
+ {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ else
+ {
+ if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL))
{
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
goto err;
}
{
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
goto err;
}
+ /* Remember the original private-key-only encoding. */
+ ret->enc_flag |= EC_PKEY_NO_PUBKEY;
}
ok = 1;
}
ok = 1;
@@
-1214,7
+1247,8
@@
int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
size_t buf_len=0, tmp_len;
EC_PRIVATEKEY *priv_key=NULL;
size_t buf_len=0, tmp_len;
EC_PRIVATEKEY *priv_key=NULL;
- if (a == NULL || a->group == NULL || a->priv_key == NULL)
+ if (a == NULL || a->group == NULL || a->priv_key == NULL ||
+ (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL))
{
ECerr(EC_F_I2D_ECPRIVATEKEY,
ERR_R_PASSED_NULL_PARAMETER);
{
ECerr(EC_F_I2D_ECPRIVATEKEY,
ERR_R_PASSED_NULL_PARAMETER);
@@
-1419,8
+1453,11
@@
int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
*out, buf_len, NULL))
{
ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
*out, buf_len, NULL))
{
ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
- OPENSSL_free(*out);
- *out = NULL;
+ if (new_buffer)
+ {
+ OPENSSL_free(*out);
+ *out = NULL;
+ }
return 0;
}
if (!new_buffer)
return 0;
}
if (!new_buffer)