Fix EC_KEY_set_private_key() priv_key regression

This allows to set EC_KEY's private key to NULL and fixes regression issue following OTC guideline in https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 Fixes #18744. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18942)
author: Roberto Hueso Gomez <roberto@robertohueso.org> 2022-07-26 20:41:02 +0200
committer: Nicola Tuveri <nic.tuv@gmail.com> 2022-08-04 12:17:06 +0300
commit: b304b3e8f7397c3e949e3664e6ceaee5dc811b32 (patch)
tree: b1d4569f9da2779190eaf971081b8a67cea93a22 /crypto/ec
parent: 0a90577e717f76483525b2d8be6a42a9f04020d8 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 0ae1c3f367..1bbca360e2 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -721,6 +721,16 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
         return 0;
 
     /*
+     * Return `0` to comply with legacy behavior for this function, see
+     * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696
+     */
+    if (priv_key == NULL) {
+        BN_clear_free(key->priv_key);
+        key->priv_key = NULL;
+        return 0; /* intentional for legacy compatibility */
+    }
+
+    /*
      * We should never leak the bit length of the secret scalar in the key,
      * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
      * holding the secret scalar.
author	Roberto Hueso Gomez <roberto@robertohueso.org>	2022-07-26 20:41:02 +0200
committer	Nicola Tuveri <nic.tuv@gmail.com>	2022-08-04 12:17:06 +0300
commit	b304b3e8f7397c3e949e3664e6ceaee5dc811b32 (patch)
tree	b1d4569f9da2779190eaf971081b8a67cea93a22 /crypto/ec
parent	0a90577e717f76483525b2d8be6a42a9f04020d8 (diff)