]> granicus.if.org Git - openssl/commitdiff
RT3065: automatically generate a missing EC public key
authorMatt Caswell <matt@openssl.org>
Fri, 22 Aug 2014 16:04:19 +0000 (18:04 +0200)
committerEmilia Kasper <emilia@openssl.org>
Wed, 27 Aug 2014 17:50:15 +0000 (19:50 +0200)
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)

crypto/ec/ec_asn1.c
doc/crypto/EC_KEY_new.pod

index 510295ef2bf08bf54a80ba333a6d7ea94fe8ee97..26d6360454f95e0c84d33db75e29e98fcea33529 100644 (file)
@@ -1183,19 +1183,20 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
                goto err;
                }
 
+       if (ret->pub_key)
+               EC_POINT_clear_free(ret->pub_key);
+       ret->pub_key = EC_POINT_new(ret->group);
+       if (ret->pub_key == NULL)
+               {
+               ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+               goto err;
+               }
+
        if (priv_key->publicKey)
                {
                const unsigned char *pub_oct;
                size_t pub_oct_len;
 
-               if (ret->pub_key)
-                       EC_POINT_clear_free(ret->pub_key);
-               ret->pub_key = EC_POINT_new(ret->group);
-               if (ret->pub_key == NULL)
-                       {
-                       ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-                       goto err;
-                       }
                pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
                pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
                /* save the point conversion form */
@@ -1207,6 +1208,16 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
                        goto err;
                        }
                }
+       else
+               {
+               if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL))
+                       {
+                       ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+                       goto err;
+                       }
+               /* Remember the original private-key-only encoding. */
+               ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+               }
 
        ok = 1;
 err:
index b762cbcb73aeb7d0bf35dcfdcaab00ad4e3b0078..2027569f440969cf0bac51426653df90c6aea09c 100644 (file)
@@ -74,6 +74,11 @@ flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY.  These fl
 converted into ASN1 in a call to i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded
 along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key.
 
+When reading a private key encoded with EC_PKEY_NO_PUBKEY,
+d2i_ECPrivateKey generates the missing public key
+automatically. Private keys encoded with EC_PKEY_NO_PARAMETERS cannot
+be loaded using d2i_ECPrivateKey.
+
 The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B<key>. For a description
 of point_conversion_forms please refer to L<EC_POINT_new(3)|EC_POINT_new(3)>.