From: David Benjamin <davidben@google.com>
Date: Mon, 7 Mar 2016 14:57:58 +0000 (-0500)
Subject: RT 4393: Call EC_GROUP_order_bits in priv2opt.
X-Git-Tag: OpenSSL_1_1_0-pre5~210
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=fe56d8e8a3665dc7e6784e0c170f790e6df8153f

RT 4393: Call EC_GROUP_order_bits in priv2opt.

The private key is a scalar and should be sized by the order, not the
degree. See RFC 5915.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
---

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index d241154630..f7948ccab2 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -607,7 +607,7 @@ size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
 {
     size_t buf_len;
 
-    buf_len = (EC_GROUP_get_degree(eckey->group) + 7) / 8;
+    buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
     if (eckey->priv_key == NULL)
         return 0;
     if (buf == NULL)