diff options
| author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-06-29 00:53:46 +0300 |
|---|---|---|
| committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-07-06 19:15:36 +0300 |
| commit | e0137ca92b4abf65acde15b255ae58d7e76af22f (patch) | |
| tree | c12f559221429f52e08a5df2f6c167a1127aabcb /providers | |
| parent | 8c330e1939d6b7db93a963116354ef80ca0babb3 (diff) | |
[EC][ASN1] Detect missing OID when serializing EC parameters and keys
The following built-in curves do not have an assigned OID:
- Oakley-EC2N-3
- Oakley-EC2N-4
In general we shouldn't assume that an OID is always available.
This commit detects such cases, raises an error and returns appropriate
return values so that the condition can be detected and correctly
handled by the callers, when serializing EC parameters or EC keys with
the default `ec_param_enc:named_curve`.
Fixes #12306
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12313)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/common/include/prov/providercommonerr.h | 1 | ||||
| -rw-r--r-- | providers/common/provider_err.c | 1 | ||||
| -rw-r--r-- | providers/implementations/serializers/serializer_ec.c | 8 |
3 files changed, 10 insertions, 0 deletions
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index b7fd2c2bf4..c21537fd4f 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -113,6 +113,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_MISSING_KEY 128 # define PROV_R_MISSING_MAC 150 # define PROV_R_MISSING_MESSAGE_DIGEST 129 +# define PROV_R_MISSING_OID 209 # define PROV_R_MISSING_PASS 130 # define PROV_R_MISSING_SALT 131 # define PROV_R_MISSING_SECRET 132 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 08978189b9..7a0e0c595d 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -112,6 +112,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MAC), "missing mac"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MESSAGE_DIGEST), "missing message digest"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_PASS), "missing pass"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SALT), "missing salt"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_SECRET), "missing secret"}, diff --git a/providers/implementations/serializers/serializer_ec.c b/providers/implementations/serializers/serializer_ec.c index 4d81651c5a..0dbc889d34 100644 --- a/providers/implementations/serializers/serializer_ec.c +++ b/providers/implementations/serializers/serializer_ec.c @@ -11,6 +11,7 @@ #include "crypto/ec.h" #include "prov/bio.h" /* ossl_prov_bio_printf() */ #include "prov/implementations.h" /* ec_keymgmt_functions */ +#include "prov/providercommonerr.h" /* PROV_R_MISSING_OID */ #include "serializer_local.h" void ec_get_new_free_import(OSSL_FUNC_keymgmt_new_fn **ec_new, @@ -117,6 +118,13 @@ int ossl_prov_prepare_ec_params(const void *eckey, int nid, return 0; } + if (OBJ_length(params) == 0) { + /* Some curves might not have an associated OID */ + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); + ASN1_OBJECT_free(params); + return 0; + } + *pstr = params; *pstrtype = V_ASN1_OBJECT; return 1; |